Chrome Extensions Stole User Data

Add-ons that were supposed to increase security have only reduced it

Add-ons and extensions to browsers have been with us for several good years and their popularity does not seem to be diminishing. From adblocks to plug-ins that track promotions in online shops. In short, the Chrome Web Store (and other "stores" with add-ons for different browsers) offers almost anything. Unfortunately, this includes threats, such as the current one, as around 32 million Google Chrome users have had their data stolen.

Pretending to be add-ons to protect users (to warn about websites with doubtful reputation, attempts to defraud money, etc.) they sent all sensitive data of the people who installed them to external servers. Extensions were designed specifically to bypass Google's security features. When trying to browse the Internet, the person using them was redirected through various external sites that collected information such as key interception, which enabled fraudsters to match virtually every login and password of a person with the infected browser.

In its report, Awake Security stated that the extensions sent the collected information to more than 15 thousand internet domains owned by GalComm from Israel. Awake claims that GalComm must have known what was going on. However, the Israelis deny everything. The owner of the company Moshe Fogel told Reuters that his company is not involved in any criminal activity and that the domains used for illegal activity have been inactive for a long time and the case will be investigated.

“When we are alerted of extensions in the Web Store that violate our policies, we take action and use those incidents as training material to improve our automated and manual analyses," said Google's spokesperson Scott Westover.

The affair shows that it might be better not to install dozens of plug-ins in our browser, except for those truly necessary and verified, because threats are lurking everywhere, even where we don't expect them.