Researchers at Awake Security said that a newly discovered spyware is attacking many users. The culprits do these attacks through 32 million downloads of extensions to Google’s Chrome web browser.
They highlighted how the tech industry fails to protect web browsers. Many use browsers frequently “for email, payroll and other sensitive functions,” Fox Business said in a report.
According to Google, it removed more than 70 of the malicious add-ons from its official Chrome Web Store. Google has taken this action following alerts by the researchers last month.
“When we are alerted of extensions in the Web Store that violate our policies,” Google spokesman Scott Westover told Reuters. We take action and use those incidents as training material to improve our automated and manual analyses,”
The majority of the free extensions “siphoned off browsing history and data that provided credentials for access to internal business tools,” Fox Business also reported.
There is no clear information on who was behind the distribution of the malware. According to Awake, the developers supplied fake contact information when they submitted the extensions to Google.
“Anything that gets you into somebody’s browser or email or other sensitive areas would be a target for national espionage as well as organized crime,” said former National Security Agency engineer Ben Johnson.