TECH

Dozens of malicious extensions for Google Chrome have been downloaded by users more than 30 million times

Experts at Awake Security, an information security company, discovered more than 70 malicious extensions to the popular Google Chrome browser, which were downloaded by users about 32 million times in total.
Experts note the technology industry's inability to provide reliable protection to browsers, despite the fact that users use them to view e-mail, online banking, communicate on social networks and perform other actions related to data processing confidential. Alphabet Inc., Google's parent company, announced that more than 70 extensions have been removed from the official Chrome Web Store after receiving a message from researchers.
"When we are notified of extensions in the online store that violate our rules, we take appropriate action and use incidents as training materials for our automatic and manual algorithms," commented Scott Westover, a Google spokesman.
The source notes that most remote extensions were distributed free of charge and were intended to alert users of questionable sites or offered a tool to quickly convert files from one format to another. In addition to the main functions, these extensions collected and transmitted to third party servers information about web pages viewed by users, as well as data entered in various ways when interacting with web services. Gary Golomb, co-founder of Awake Security, believes that, due to the number of downloads, this was the largest-scale malicious campaign targeting Chrome users.
Google representatives declined to publicly discuss ways to compare malware campaigns, the extent of the damage and why the company did not discover malicious extensions on its own. Who exactly is behind the organization of a large-scale malicious campaign is also unknown.

AVnews