Google Chrome Malware attack: Over 32 million users were targeted19-Jun-2020
Chrome’s brand reputation and huge market share make them a big target for cybersecurity attacks.
Recently chrome’s 32 million users were being hit by an enormous spyware attack which was secretly attacking via downloads of malicious extensions/add-ons.
It was first reported by Reuters and the spyware operation was revealed by researchers at Awake Security. Google has confirmed that they had removed 70 malicious extensions from the Chrome web store.
The former National Security Agency engineer Ben Johnson said;
"Anything that gets you into somebody's browser or email or other sensitive areas would be a target for national espionage as well as organized crime,"
Ben Johnson is the founder of security companies Carbon Black and Obsidian Security.
“We do regular sweeps to find extensions using similar techniques, code, and behaviors, and take down those extensions if they violate our policies.” Google’s Westover said.
Apart from all this, Questionaire came forward are;
How did the malware work?
Why didn't it get detected by antivirus software installed on the user's system?
How did it wasn’t get detected earlier?
The malware was efficiently designed to avoid coming into interaction with antivirus software. If a user used the browser to surf on the web on a personal computer. It would connect to a series of websites and transmit information, and anyone who is using a corporate network connection and if it would include security services in it, would neither exchange the sensitive information nor get in reach with the malicious website domains. It was hiding behind over 15K domains and all of them were linked to each other. This research list was revealed by Awake Security after the publication by Reuters.
Is there anything for users to take care of?
The only suggestion for all users who use chrome is; you must double-check the permissions asked by extensions at the time of installation.
Alternatively, the new Edge browser launched by Microsoft is built on the same chromium engine mechanism, so obviously chrome’s extensions are also supported by Microsoft Edge Browser. And its privacy settings (Strict Mode of Microsoft’s Edge) are much better and powerful as compared to the Chrome as it blocks 3rd party cookies