According to a report by Reuters, researchers at Awake Security uncovered a new spyware campaign that threatened the security of Chrome users. Google removed the more than 70 offending extensions from the Chrome Web Store last month after being alerted to the malicious activity, but not before they were downloaded 32 million times by unsuspecting users.
Considering the delicate personal and financial information we view and share in our web browsers, Google's inability to protect users is more than a bit worrying. The vast number of downloads mentioned points to a campaign of unprecedented scale, although we don't know exactly how many users may have been affected.
Developers of the rogue extensions disguised their identities with false information and the tools themselves were designed to evade detection by antivirus software. The extensions were able to pass information through a network of more than 15,000 malicious domains, all bought from a single registrar in Israel called Galcomm. That company says they have nothing to do with the nefarious activity, but it's been suggested that they should have at least questioned the suspect purchases. Enterprise users were likely to have been protected by corporate security measures, but home users may not have been so lucky.
A Google spokesperson didn't give much away, saying only that the company regularly sweeps for malicious actors and takes action when it's alerted to them. This is no different from what is said after every similar security issue, so it does little to assuage the concerns of security professionals and users, who will rightly wonder why Google wasn't able to protect against these threats in the first place.
Awake Security names and shames
If you'd like to see a list of the extensions in question, take a look at Awake Security's research (published after our story went live).