Nearly 80 Chrome extensions caught spying -- how to protect yourself

Nearly lxxx Chrome extensions defenseless spying -- how to protect yourself

(Image credit: Shutterstock)

More than than 100 malicious and fake Google Chrome browser extensions have clustered effectually 33 one thousand thousand downloads in total, co-ordinate to an investigation past security business firm Awake.

Security researchers discovered 111 malicious extensions that were downloaded by users of the Google Chrome browser and spread dangerous spyware.

The all-time antivirus software: stay protected online
VPN: add together an extra layer of security with a virtual individual network
Plus: New Chrome extension makes web surfing easier: How to use it

Reuters reported that the extensions claimed to warn users of dangerous websites and change the format of files when they really had malicious intentions.

Some of the extensions never appeared in the Chrome Spider web Store, the total Awake report noted, just instead themselves installed the Chromium open up-source version of Chrome and then that they could run without Google'due south approving.

Awake said the extensions were able to take screenshots of the victims' devices, load malware and read clipboards, besides as harvest tokens and user input, among other malicious operations.

The business firm also found that the attackers used an infrastructure of 15,160 malicious or suspicious domains and were able to bypass sandboxes, endpoint detection and response solutions and web proxies.

Cybercriminals bought the domain names from GalComm, an State of israel-based domain registrar. GalComm's owner told Reuters that his company was non aware that it was existence used equally function of a malicious campaign.

However, the Awake report said that well-nigh 60% of the GalComm-registered domains that Awake researchers could reach were "malicious or suspicious." Information technology added that "GalComm is at best complicit in malicious activeness."

Awake co-founder and chief scientist Gary Golomb suggested that this was the most far-reaching malicious campaign found on the Google Chrome Store.

The researchers aren't sure who is backside the attack, but told Reuters that the attackers used faux contact details when applying to have their extensions published on the Chrome Spider web Store.

Taking action

Later learning of the malicious extensions last month, Google removed 79 of them. A spokesman for the tech giant, Scott Westover, told Reuters: "When we are alerted of extensions in the Spider web Store that violate our policies, we accept action and use those incidents as training textile to ameliorate our automated and transmission analyses."

"Illicit extensions usually require permissions to grant further admission to data on your machine which users must be vigilant of," Jake Moore, a security specialist at ESET, told Tom'due south Guide.

"It'south vital to check which permissions a browser extension requires especially when it's gratuitous as some can exist harmful," he said. "Simply like downloading anything to your device, I would always advise circumspection with add-ons as Google cannot verify each extension independently."

Remember, if you have a Chrome browser extension installed, simply you lot don't need it at the moment, you can always become to chrome://extensions/ to disable it without removing it. (You tin can enable it when you need it.) Doing so volition make Chrome run faster and free up retentivity on your computer.

The malicious Chrome extensions

It doesn't make for interesting reading, but here's the full list of the extension IDs of all 111 malicious Chrome (and Chromium) extensions that Awake discovered.

Unfortunately, if you lot want to meet if whatsoever of the extensions you lot've added to Chrome are on this listing, you lot've got to do and so manually.

Right-click or control-click the icon of a running extension in upper right corner of the browser, and select "Manage extensions." A new tab will open describing the extension, and in the address bar of the tab, you lot'll run into something that looks like "chrome://extensions/?id=oiigbmnaadbkfbmpbfijlflahbdbdgdf."

That long string of gibberish is a 32-character extension ID. Compare each of your extensions' IDs to the listing below, and if anything matches, remove the extension.

acmnokigkgihogfbeooklgemindnbine
apgohnlmnmkblgfplgnlmkjcpocgfomp
apjnadhmhgdobcdanndaphcpmnjbnfng
bahkljhhdeciiaodlkppoonappfnheoi
bannaglhmenocdjcmlkhkcciioaepfpj
bgffinjklipdhacmidehoncomokcmjmh
bifdhahddjbdbjmiekcnmeiffabcfjgh
bjpknhldlbknoidifkjnnkpginjgkgnm
blngdeeenccpfjbkolalandfmiinhkak
ccdfhjebekpopcelcfkpgagbehppkadi
cceejgojinihpakmciijfdgafhpchigo
cebjhmljaodmgmcaecenghhikkjdfabo
chbpnonhcgdbcpicacolalkgjlcjkbbd
cifafogcmckphmnbeipgkpfbjphmajbc
clopbiaijcfolfmjebjinippgmdkkppj
cpgoblgcfemdmaolmfhpoifikehgbjbf
dcmjopnlojhkngkmagminjbiahokmfig
deiiiklocnibjflinkfmefpofgcfhdga
dipecofobdcjnpffbkmfkdbfmjfjfgmn
dopkmmcoegcjggfanajnindneifffpck
dopmojabcdlfbnppmjeaajclohofnbol
edcepmkpdojmciieeijebkodahjfliif
ekbecnhekcpbfgdchfjcfmnocdfpcanj
elflophcopcglipligoibfejllmndhmp
eogfeijdemimhpfhlpjoifeckijeejkc
fcobokliblbalmjmahdebcdalglnieii
fgafnjobnempajahhgebbbpkpegcdlbf
fgcomdacecoimaejookmlcfogngmfmli
fgmeppijnhhafacemgoocgelcflipnfd
fhanjgcjamaagccdkanegeefdpdkeban
flfkimeelfnpapcgmobfgfifhackkend
fmahbaepkpdimfcjpopjklankbbhdobk
foebfmkeamadbhjcdglihfijdaohomlm
fpngnlpmkfkhodklbljnncdcmkiopide
gdifegeihkihjbkkgdijkcpkjekoicbl
gfcmbgjehfhemioddkpcipehdfnjmief
gfdefkjpjdbiiclhimebabkmclmiiegk
ggijmaajgdkdijomfipnpdfijcnodpip
ghgjhnkjohlnmngbniijbkidigifekaa
gllihgnfnbpdmnppfjdlkciijkddfohn
gmmohhcojdhgbjjahhpkfhbapgcfgfne
gofhadkfcffpjdbonbladicjdbkpickk
hapicipmkalhnklammmfdblkngahelln
hijipblimhboccjcnnjnjelcdmceeafa
hmamdkecijcegebmhndhcihjjkndbjgk
hodfejbmfdhcgolcglcojkpfdjjdepji
hpfijbjnmddglpmogpaeofdbehkpball
ianfonfnhjeidghdegbkbbjgliiciiic
ibfjiddieiljjjccjemgnoopkpmpniej
inhdgbalcopmbpjfincjponejamhaeop
iondldgmpaoekbgabgconiajpbkebkin
ipagcbjbgailmjeaojmpiddflpbgjngl
jagbooldjnemiedoagckjomjegkopfno
jdheollkkpfglhohnpgkonecdealeebn
jfefcmidfkpncdkjkkghhmjkafanhiam
jfgkpeobcmjlocjpfgocelimhppdmigj
jghiljaagglmcdeopnjkfhcikjnddhhc
jgjakaebbliafihodjhpkpankimhckdf
jiiinmeiedloeiabcgkdcbbpfelmbaff
jkdngiblfdmfjhiahibnnhcjncehcgab
jkofpdjclecgjcfomkaajhhmmhnninia
kbdbmddhlgckaggdapibpihadohhelao
keceijnpfmmlnebgnkhojinbkopolaom
khhemdcdllgomlbleegjdpbeflgbomcj
kjdcopljcgiekkmjhinmcpioncofoclg
kjgaljeofmfgjfipajjeeflbknekghma
labpefoeghdmpbfijhnnejdmnjccgplc
lameokaalbmnhgapanlloeichlbjloak
lbeekfefglldjjenkaekhnogoplpmfin
lbhddhdfbcdcfbbbmimncbakkjobaedh
ldoiiiffclpggehajofeffljablcodif
lhjdepbplpkgmghgiphdjpnagpmhijbg
ljddilebjpmmomoppeemckhpilhmoaok
ljnfpiodfojmjfbiechgkbkhikfbknjc
lnedcnepmplnjmfdiclhbfhneconamoj
lnlkgfpceclfhomgocnnenmadlhanghf
loigeafmbglngofpkkddgobapkkcaena
lpajppfbbiafpmbeompbinpigbemekcg
majekhlfhmeeplofdolkddbecmgjgplm
mapafdeimlgplbahigmhneiibemhgcnc
mcfeaailfhmpdphgnheboncfiikfkenn
mgkjakldpclhkfadefnoncnjkiaffpkp
mhinpnedhapjlbgnhcifjdkklbeefbpa
mihiainclhehjnklijgpokdpldjmjdap
mmkakbkmcnchdopphcbphjioggaanmim
mopkkgobjofbkkgemcidkndbglkcfhjj
mpifmhgignilkmeckejgamolchmgfdom
nabmpeienmkmicpjckkgihobgleppbkc
nahhmpbckpgdidfnmfkfgiflpjijilce
ncepfbpjhkahgdemgmjmcgbgnfdinnhk
npaklgbiblcbpokaiddpmmbknncnbljb
npdfkclmbnoklkdebjfodpendkepbjek
nplenkhhmalidgamfdejkblbaihndkcm
oalfdomffplbcimjikgaklfamodahpmi
odnakbaioopckimfnkllgijmkikhfhhf
oklejhdbgggnfaggiidiaokelehcfjdp
omgeapkgiddakeoklcapboapbamdgmhp
oonbcpdabjcggcklopgbdagbfnkhbgbe
opahibnipmkjincplepgjiiinbfmppmh
pamchlfnkebmjbfbknoclehcpfclbhpl
pcfapghfanllmbdfiipeiihpkojekckk
pchfjdkempbhcjdifpfphmgdmnmadgce
pdpcpceofkopegffcdnffeenbfdldock
pgahbiaijngfmbbijfgmchcnkipajgha
pidohlmjfgjbafgfleommlolmbjdcpal
pilplloabdedfmialnfchjomjmpjcoej
pklmnoldkkoholegljdkibjjhmegpjep
pknkncdfjlncijifekldbjmeaiakdbof
plmgefkiicjfchonlmnbabfebpnpckkk
pnciakodcdnehobpfcjcnnlcpmjlpkac
ponodoigcmkglddlljanchegmkgkhmgb

Read more:The best Google Chrome extensions you tin actually trust

Nicholas Fearn is a freelance engineering journalist and copywriter from the Welsh valleys. His work has appeared in publications such as the FT, the Independent, the Daily Telegraph, The Next Web, T3, Android Central, Figurer Weekly, and many others. He besides happens to be a diehard Mariah Carey fan!