![]() ![]() “In the past three months alone, we have harvested 111 malicious or fake Chrome extensions using GalComm domains for attacker command and control infrastructure and/or as loader pages for the extensions,” researchers wrote. Researchers said that the domain registrar allowed criminals to bypass “multiple layers of security controls, even in sophisticated organizations with significant investments in cybersecurity.” GalComm, researchers alleged, enabled malicious activity by those behind the browser extensions by allowing them to cloak their activities. “You can say exactly the opposite, we cooperate with law enforcement and security bodies to prevent as much as we can.” “Galcomm is not involved, and not in complicity with any malicious activity whatsoever,” Fogel told Reuters. Galcomm owner Moshe Fogel told the news agency Reuters that his company was unaware of the malicious activity and had done nothing wrong. While Google has long policed its Chrome Web Store for rogue browser extensions, what is unique about this malicious effort was that it was allegedly part of a coordinated and “massive global surveillance campaign.” Researchers also assert that the campaign was aided by the internet domain registrar CommuniGal Communication Ltd. In total, Awake Security estimates the extensions were downloaded 32 million times. The browser extensions were free and designed to either alert users to questionable websites or to convert files. ![]() “When we are alerted of extensions in the Web Store that violate our policies, we take action and use those incidents as training material to improve our automated and manual analyses,” said Scott Westover, a Google spokesperson, in a statement. The attackers used the Google Chrome browser extensions to not only steal data, but also to create persistent footholds on corporate networks. In the research, also published Thursday, Awake Security alleged millions of Chrome users have been targeted by threat actors. Google removed 106 Chrome browser extensions Thursday from its Chrome Web Store in response to a report that they were being used to siphon sensitive user data. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
December 2022
Categories |