Legit-looking Chrome extensions with 32 million downloads
Though the names of the spyware-laced extensions remain unknown, Awake Security, the company that found them, told Reutersthat the plugins looked completely innocuous, promising to perform functions ranging from flagging shady sites to converting files.
In all, the firm said, it detected over 70 malicious extensions, which had been downloaded as many as 32 million times through the official Google Chrome Web Store.
While posing as legitimate programs for millions, the extensions performed shady activities in the background, including things like stealing background history and data carrying credentials for business tools.
They actively avoided detection by anti-virus tools and connected to a series of malicious websites to mine and transmit the information. But, the transmission only took place in the case of consumer networks, not corporate ones.
Now, all the questionable extensions have been removed
Following Awake's report, which was sent last month, Google took note of the matter and removed all the questionable extensions from the Chrome Web Store.
However, the company did not say anything about the spyware involved, how many Chrome users might have been affected, how the extensions passed its vetting systems or were not flagged at a later stage.
Similarly, it also remains unknown who developed these malware-laced extensions for Chrome. The contact information provided while submitted them was fake, while the registrar - Galcomm - that sold the domains that the extensions connected to denied being involved in the matter.