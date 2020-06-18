But the new report highlights the potential of fraudulent extensions to harm and compromise a wide variety of systems.
"The actors behind these activities have established a persistent foothold on almost all networks," said the Awake researchers.
Google confirmed that all browser extensions marked by Awake have since been removed.
"We appreciate the work of the research community, and when they alert us to extensions … that violate our policies, we take action and use those incidents as training material to improve our automatic and manual analyzes," said Google spokesperson Scott Westover. in a statement provided to CNN Business. "We do regular sweeps to find extensions using similar techniques, codes, and behaviors, and we remove those extensions if they violate our policies."
Awake linked all extensions associated with the spy campaign to Galcomm, an Israeli web hosting company that claims to manage approximately 250,000 browser domains.
"By exploiting the trust placed in it as a domain registrar, Galcomm has enabled malicious activity that has been found in more than a hundred networks that we have examined," Awake researchers said in the report, adding that they found more out of 15,000 Galcomm domains that were "malicious or suspicious".
"Galcomm is not involved, and is not complicit in any malicious activity," Moshe Fogel told Reuters. Google did not comment on Galcomm's role in the campaign.
"In addition to disabling developer accounts that violate our policies, we also flag certain malicious patterns that we detect to prevent extensions from coming back," he added.