Google Chrome users may have been affected by a massive spy campaign, according to a report

2020-06-18

The report, from cybersecurity firm Awake Security, found at least 111 "malicious or bogus" Chrome extensions capable of taking screenshots, stealing login credentials, and capturing passwords as users typed them in. The campaign impacted a wide range of sectors, including financial services, healthcare and government organizations, it added.
The extensions allow users to add features and capabilities to their browsers, such as a recently popular one that allows multiple laptops to stream Netflix shows simultaneously and another from Google that allows users to bookmark suspicious websites.

But the new report highlights the potential of fraudulent extensions to harm and compromise a wide variety of systems.

"The actors behind these activities have established a persistent foothold on almost all networks," said the Awake researchers.

Google confirmed that all browser extensions marked by Awake have since been removed.

"We appreciate the work of the research community, and when they alert us to extensions … that violate our policies, we take action and use those incidents as training material to improve our automatic and manual analyses," said Google spokesperson Scott Westover in a statement provided to CNN Business. "We do regular sweeps to find extensions using similar techniques, codes, and behaviors, and we remove those extensions if they violate our policies."

Awake linked all extensions associated with the spy campaign to Galcomm, an Israeli web hosting company that claims to manage approximately 250,000 browser domains.

"By exploiting the trust placed in it as a domain registrar, Galcomm has enabled malicious activity that has been found in more than a hundred networks that we have examined," Awake researchers said in the report, adding that they found more than 15,000 Galcomm domains that were "malicious or suspicious".

Galcomm did not immediately respond to a request for comment from CNN Business, but the company owner denied wrongdoing in a statement to Reuters, which first reported on Awake's findings.

"Galcomm is not involved, and is not complicit in any malicious activity," Moshe Fogel told Reuters. Google did not comment on Galcomm's role in the campaign.

Google Chrome extensions have been linked to cyber attacks in the past, including in February this year. The company has taken several steps to improve the browser's privacy and security protections, Westover said.

"In addition to disabling developer accounts that violate our policies, we also flag certain malicious patterns that we detect to prevent extensions from coming back," he added.

