Cybersecurity firm Awake Security recently discovered a large-scale Chrome extension malware campaign designed to monitor users' networks without their knowledge.
According to Awake Security, at least 111 Chrome extensions contained malware and spying tools pulled from websites hosted by GalComm and these extensions had been downloaded at least 32 million times. That number does not include extension downloads occurring outside of the Chrome Web Store.
GalComm used the malicious browser extensions to access millions of personal and corporate networks and collect a huge amount of data. Although the attack occurred on a massive scale, the extensions used "sophisticated circumvention methods to avoid detection."
The following Chrome extensions have been found to contain malware:
Google has removed the malicious extensions on its store and will deactivate them soon. However, individual users must uninstall any unsafe extensions that they side-loaded from non-Google sources. Brendan Hesse "What You Need to Know About the Latest Chrome Extension Malware Campaign" lifehacker.com (Jun. 24, 2020).