
The spy campaign affects thousands of Google Chrome users through its extensions: analysis

June 19, 2020

Cybersecurity company Awake Security has discovered around 111 fake Google Chrome extensions.




Today we dive into the world of information technology, within which cybersecurity has taken on a very relevant role. It is extremely important to protect our data and information, as we are constantly exposed to cyber risks. Granting access to personal data, or transferring it, can endanger our identity and access to our accounts or platforms.

According to CNN, cybersecurity company Awake Security discovered approximately 111 fake Google Chrome extensions that were downloaded more than 32 million times and used in a broad surveillance campaign to spy on users of this well-known browser.

According to Awake Security, the malicious extensions can take screenshots, steal login credentials and capture passwords as Internet users enter their data. The campaign has been effective across sectors including financial services, healthcare and government organizations.

It should be noted that extensions allow users to add features and capabilities to their browsers. The report highlights the power a fraudulent extension has to damage a variety of systems and put them at risk.

The actors behind these activities have established themselves in almost every network, said Awake researchers.


In the meantime, Google confirmed that all extensions flagged by Awake have since been removed.

In a statement to CNN Business, Google spokesman Scott Westover said that the research community's work is valued and that, when alerted to extensions that violate its guidelines, Google takes action and uses these incidents as training material to improve its automatic and manual analysis.

Awake was able to link the extensions in the spy campaign to Galcomm, an Israeli web hosting company that confirms it manages approximately 250,000 browser domains.

Awake researchers said that Galcomm, by leveraging the trust placed in it as a domain registrar, has enabled malicious activity on more than a hundred networks they have investigated. They found over 15,000 Galcomm domains that were either malicious or suspicious.

An immediate response from Galcomm was not received. In a statement to Reuters, the owner of the company denied any wrongdoing.

Moshe Fogel told Reuters that Galcomm is not involved, and that he is not involved, in any malicious activity. Google has not commented on Galcomm’s role in the campaign.


How can you avoid becoming a victim of this type of attack?

The experts mentioned a number of checks that are important to make before installing an extension, so as not to fall for this type of fraud. It is worth noting that they are not 100% effective. In most cases, however, they let us rule out these types of extensions.

  1. Developer: Check online how trustworthy the developer of the application is, looking at its website, news coverage and opinions.
  2. Application description: It is important that the description is clear and gives you an idea of how the extension works after installation.
  3. Reviews: Often, other users have already conducted a preliminary investigation and commented on their concerns, which can help us decide.
  4. Guidelines: Often, the guidelines can be long, pretty technical and extremely boring, but we can go straight to the point and look for words or sections that give us an idea of what the extension is collecting. We may find something like: access your cookies, save them and send them to third parties, or access your history and save it on an x server.
  5. Permissions: If you choose to install it, Chrome will ask whether you want to give the extension certain permissions. It is very important that you check which permissions you are granting, as they determine what information the extension receives.
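
As an added illustration of the data-access and permission checks in items 4 and 5 (this is not code from Awake Security, Google or the original article), the following Python script flags entries in an extension's manifest that grant the kinds of access described above. The permission names are real Chrome manifest permissions; the `audit_manifest` helper, the risk wording and the sample manifest are constructed for this example.

```python
# Permission names are real Chrome manifest permissions; the risk wording
# and the audit_manifest() helper are assumptions made for this example.
RISKY_PERMISSIONS = {
    "cookies": "read cookies, including login session tokens",
    "history": "read the browsing history",
    "tabs": "see the URL and title of every open tab",
    "webRequest": "observe the browser's network requests",
    "clipboardRead": "read the clipboard",
    "desktopCapture": "capture the screen",
    "tabCapture": "capture the contents of a tab",
}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def audit_manifest(manifest):
    """Return sorted (item, reason) findings for a parsed manifest.json."""
    findings = set()
    # Manifest V2 mixes API and host permissions in "permissions";
    # Manifest V3 moves host patterns to "host_permissions".
    declared = []
    for key in ("permissions", "optional_permissions",
                "host_permissions", "optional_host_permissions"):
        declared += [p for p in manifest.get(key, []) if isinstance(p, str)]
    for perm in declared:
        if perm in RISKY_PERMISSIONS:
            findings.add((perm, RISKY_PERMISSIONS[perm]))
        elif perm in BROAD_HOSTS:
            findings.add((perm, "access to data on every site you visit"))
    # A content script injected into every page can read form fields as they are typed.
    for script in manifest.get("content_scripts", []):
        for pattern in script.get("matches", []):
            if pattern in BROAD_HOSTS:
                findings.add((pattern, "content script runs on every page"))
    return sorted(findings)


# Constructed sample manifest (not taken from any real extension).
SAMPLE_MANIFEST = {
    "manifest_version": 2, "name": "Example PDF Converter", "version": "1.0",
    "permissions": ["cookies", "history", "storage", "<all_urls>"],
    "content_scripts": [{"matches": ["*://*/*"], "js": ["content.js"]}],
}

if __name__ == "__main__":
    for item, reason in audit_manifest(SAMPLE_MANIFEST):
        print(f"{item}: {reason}")
```

To check a real extension, load its `manifest.json` with `json.load` and pass the resulting dictionary to `audit_manifest`.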