Recently, security researchers discovered that 106 Chrome browser extensions contained malicious scripts. The scripts were engineered to collect sensitive user data.
Organizations in financial services, oil and gas, healthcare, retail, high-tech, education and other sectors may have run these browser extensions on their systems, enabling bad actors to spy on their networks. By May of 2020, these extensions had been downloaded 32 million times.
One security research group believes that all of these extensions were built by the same threat actors, via a GalComm domain. “…many extensions also appeared to share the same graphics and codebase, with slight changes.”
Chrome has removed the majority of these extensions from the Chrome Web Store, with the remaining few due for removal shortly. In step with standard practice, these Chrome extensions have been deactivated within users’ browsers.