Chrome extensions with 33 million downloads slurped sensitive user data

[pakhitheboss]

Another reason why we shouldn't trust Google and Google’s Chrome Web Store.

We all know how 'poor' their services are, specially in the last couple of months wherein we saw tons of fake crypto related apps in web store. But this report should put Google in the limelight again as obviously, their services have been taken advantage of cyber criminals, regardless if it is state sponsored or just hacking groups milking crypto enthusiast.

Spying campaign tied to 15,000 malicious or suspicious domains uploaded data.

Browser extensions downloaded almost 33 million times from Google’s Chrome Web Store covertly downloaded highly sensitive user information, a security firm said on Thursday in a report that underscores lax security measures that continue to put Internet users at risk.

The extensions, which Google removed only after being privately notified of them, actively siphoned data such as screenshots, contents in device clipboards, browser cookies used to log in to websites, and keystrokes such as passwords, researchers from security firm Awake told me. Many of the extensions were modular, meaning once installed, they updated themselves with executable files, which in many cases were specific to the operating system they ran on. Awake provided additional details in this report.

Company researchers found that all 111 of the extensions it identified as malicious connected to Internet domains registered through Israel-based GalComm. The researchers eventually found more than 15,000 registered through GalComm hosting malicious or suspicious behavior. The malicious domains used a variety of evasion techniques to avoid being labeled as malicious by security products.

https://arstechnica.com/information-technology/2020/06/chrome-extensions-with-33-million-downloads-slurped-sensitive-user-data/

I think we should avoid Google chrome itself after the recent Google Chrome privacy goof up. You cannot believe Google at all but most of us use it because of it is easy to access all your data regardless of device. I have recently started using Brave and the new Microsoft edge, these two browsers are far better than Chrome.

[NeuroticFish]

I think we should avoid Google chrome itself after the recent Google Chrome privacy goof up.

We should have done that long ago. Doing that is a very good step forward. I've done it too (quite late!) and I can tell that Firefox is a worthy replacement.
It may also worth reading #DeGoogle - Take back control of your privacy

I have recently started using Brave and the new Microsoft edge, these two browsers are far better than Chrome.

I think that you are doing it wrong. I am almost sure that Microsoft has added its own tracking into Edge, also it's based on Chromium, meaning that's not really 100% free of Google.
Also, Brave is no longer the great thing to trust: New stupid/greedy move from Brave Browser