Saturday, January 25, 2025
HomeChromeMassive Spying Campaign Targets Chrome Browser, Over 32 Million Users Potentially Impacted

Massive Spying Campaign Targets Chrome Browser, Over 32 Million Users Potentially Impacted

Published on

SIEM as a Service

Follow Us on Google News

A newly discovered massive spyware campaign uses Chrome browser extensions aimed to steal sensitive data from users across multiple geographies and industry segments.

Researchers from Awake Security researchers uncovered more than 111 malicious Chrome extensions that use GalComm domains for their command and control operation.

CommuniGal Communication Ltd. (GalComm) is an Israel based internet domain registrar and the company was founded in 2000.

Malicious domains & Extensions

Awake security observed that almost 60% of domains registered with GalComm are malicious. They are used for serving malware or involved in surveillance activities.

Those domains used various evasion techniques to stay undetected by most security solutions, here is the complete list of the domains.

All the harvested 111 malicious extensions use GalComm domains for C&C and they are aiming to take screenshots, read the clipboard, harvest credential tokens stored in cookies or parameters, grab user keystrokes and other surveillance activities.

The malicious extensions found to be downloaded for more than 32,962,951, times from Chrome web Store, some of these extensions alone downloaded 10 million times.

“Based on the number of downloads, it was the most far-reaching malicious Chrome store campaign to date,” said Awake co-founder and chief scientist Gary Golomb

Here you can find the malicious Chrome extensions TSV list [1,2].

Most of these malicious extensions are posed to offer file conversion and other utility servers, but their goal is to steal user data.

Malicious Extensions

The massive surveillance campaign specifically targets users in “financial services, oil and gas, media and entertainment, healthcare and pharmaceuticals, retail, high-tech, higher education, and government organizations.”

“When we are alerted of extensions in the Web Store that violate our policies, we take action and use those incidents as training material to improve our automated and manual analyses,” Google spokesman Scott Westover told Reuters.

Google not shared any details about how the spyware apps infiltrated and persist with the Google play store.

Galcomm told Reuters that “his company had done nothing wrong, Galcomm is not involved, and not in complicity with any malicious activity whatsoever.”

Browsers security is crucial nowadays as several Critical applications like Microsoft 365, Google, Salesforce, Workday, Facebook, LinkedIn, and Zoom live in our Internet browsers. Campaigns like this could cause serious damage to business and personal lives.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Also Read

Beware of Coronavirus-themed Grandoreiro Malware Attacks Bank Customers Via Chrome Plugin

Google Bans 49 Chrome Extensions Aimed to Steal crypto-wallet Keys

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Subaru’s STARLINK Connected Car’s Vulnerability Let Attackers Gain Restricted Access

In a groundbreaking discovery on November 20, 2024, cybersecurity researchers Shubham Shah and a...

Android Kiosk Tablets Vulnerability Let Attackers Control AC & Lights

A security flaw found in Android-based kiosk tablets at luxury hotels has exposed a...

CISA Releases Six ICS Advisories Details Security Issues

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued six Industrial Control Systems (ICS)...

Juniper Routers Exploited via Magic Packet Vulnerability to Deploy Custom Backdoor

A sophisticated cyber campaign dubbed "J-magic" has been discovered targeting enterprise-grade Juniper routers with...

API Security Webinar

Free Webinar - DevSecOps Hacks

By embedding security into your CI/CD workflows, you can shift left, streamline your DevSecOps processes, and release secure applications faster—all while saving time and resources.

In this webinar, join Phani Deepak Akella ( VP of Marketing ) and Karthik Krishnamoorthy (CTO), Indusface as they explores best practices for integrating application security into your CI/CD workflows using tools like Jenkins and Jira.

Discussion points

Automate security scans as part of the CI/CD pipeline.
Get real-time, actionable insights into vulnerabilities.
Prioritize and track fixes directly in Jira, enhancing collaboration.
Reduce risks and costs by addressing vulnerabilities pre-production.

More like this

New Supply Chain Attack Targeting Chrome Extensions to Inject Malicious Code

A sophisticated supply chain attack targeting Chrome browser extensions has come to light, potentially...

Is this Website Safe: How to Check Website Safety – 2025

is this website safe? In this digital world, Check a website is safe is...

Chrome Security Update – Patch for Multiple Security Vulnerabilities

Google has released an update for its Chrome web browser, advancing to version 131.0.6778.264/.265...