Security researchers have found malware that endangered users through downloads of extensions to Google’s Chrome web browser. The ‘spyware’– software that steals information from a computer and sends it to a third party – attacked users through 32 million downloads of Chrome extensions. Most of the free extensions purported to warn users about questionable websites or convert files from one format to another.
Instead, they siphoned off surveying records and data that provided credentials for access to internal business tools, researchers at Awake Security told Reuters. The security authorities have termed it the ‘most far-reaching spiteful Chrome store warfare’ ever, and yet it had been neglected by Google, which is owned by Alphabet Inc, said it eliminated more than 70 of the malicious add-ons from its official Chrome Web Store after being alerted by the researchers last month.
‘When we are informed of extensions in the Web Store that violate our policies, we take action and use those incidents as training material to improve our automated and manual analyses,’ Google spokesman Scott Westover told Reuters.Google refused to discuss how the latest spyware compared with prior campaigns, the breadth of the damage, or why it did not detect and remove the extensions on its own.
Google, which dominates the web browser market with more than a 60 per cent share, according to Stat Counter, claims to have a zero-tolerance approach to malware and malicious ads. We don’t allow advertisers to run ads, content or destinations that attempt to trick or circumvent our ad review processes,’ it says on its website. Google checks websites to see whether they host software or downloadable executables that negatively affect the user experience.’ Galcomm should have known what was happening, but in an email to Reuters, Galcomm owner Moshe Fogel said his company had done nothing wrong.’
Galcomm is not involved, and not in complicity with any malicious activity whatsoever,’ Fogel wrote. You can say exactly the opposite, we cooperate with law enforcement and security bodies to prevent as much as we can.‘Fogel said there was no record of the inquiries that Awake co-founder Golomb said he made in April and again in May to the company’s email address for reporting abusive behaviour.