111 malicious or fake Chrome extensions reported by security company Awake, Google has responded: these extensions have been urgently removed from the Chrome Web Store.
According to Reuters, researchers from Awake, a cybersecurity threat detection vendor, have announced that they have found problematic plug-ins in Google Chrome’s extension store, which have been downloaded 32 million times. These problem extensions can take screenshots, read the clipboard, steal credentials, monitor keystrokes, etc. Awake said that this may be the largest malicious activity against Chrome users, and emphasized that in May 2020, some of these extensions were downloaded more than 10 million times.
Behind-the-scenes of this malicious activity has not yet been identified, only mentioning a company whose domain name used by the attacker is located in Israel. Awake said that of the 26,079 accessible domain names registered through GalComm, nearly 60% of them are malicious or suspicious. Attackers use various evasion techniques to avoid these domain names from being labeled maliciously by most security solutions. , So that this event is not noticed.
