{"id":9071,"date":"2020-06-19T21:17:41","date_gmt":"2020-06-19T18:17:41","guid":{"rendered":"https:\/\/forklog.media\/?p=9071"},"modified":"2020-06-23T14:05:54","modified_gmt":"2020-06-23T11:05:54","slug":"google-chrome-extension-with-32m-downloads-has-malicious-add-ons-that-steal-data-report","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/google-chrome-extension-with-32m-downloads-has-malicious-add-ons-that-steal-data-report\/","title":{"rendered":"Google Chrome Extensions With 32M Downloads Have Malicious Add-Ons that Steal Data, Report"},"content":{"rendered":"<p>As of May 2020, Google&#8217;s Chrome Web Store has reportedly been hit with the most massive surveillance campaign so far, which managed to steal data from users around the world through over 32 million downloads of malicious extensions.<\/p>\n<p><!--more--><\/p>\n<p>The attacks were <a href=\"https:\/\/awakesecurity.com\/blog\/the-internets-new-arms-dealers-malicious-domain-registrars\/\">discovered<\/a> by cybersecurity firm Awake Security, which claimed that a single Internet domain registrar, CommuniGal Communication Ltd, or GalComm, facilitated the criminal activities. The firm explained in a dedicated report:<\/p>\n<blockquote><p><b><i>&#8220;GalComm has enabled malicious activity that has been found across more than a hundred networks we\u2019ve examined. Furthermore \u2013 the malicious activity has been able to stay hidden by bypassing multiple layers of security controls, even in sophisticated organizations with significant investments in cybersecurity.&#8221;<\/i><\/b><\/p><\/blockquote>\n<h2>32,962,951 Downloads of Malicious Extensions<\/h2>\n<p>There are 26,079 reachable domains registered through GalComm, with over 15,000 domains being malicious or suspicious, according to the report.<\/p>\n<p>Over the past three months, the researchers found 111 malicious or fake Chrome extensions using GalComm domains for threat actor command and control infrastructure. 
Once downloaded, those extensions can collect credential tokens stored in cookies or parameters as well as passwords, take screenshots, and read the clipboard.<\/p>\n<p>As of May 2020, Awake Security detected 32,962,951 downloads of the malicious extensions in question. Moreover, the firm <a href=\"https:\/\/www.reuters.com\/article\/us-alphabet-google-chrome-exclusive\/exclusive-massive-spying-on-users-of-googles-chrome-shows-new-security-weakness-idUSKBN23P0JO\">said<\/a> that the extensions\u2019 developers supplied false contact information when they submitted the add-ons to Google.<\/p>\n<p>Also, the extensions were designed so they could skirt detection by antivirus companies or security software. Google ostensibly removed 70 of the malicious extensions from the Chrome Web Store.<\/p>\n<p>In correspondence with Reuters, GalComm owner Moshe Fogel <a href=\"https:\/\/www.reuters.com\/article\/us-alphabet-google-chrome-exclusive\/exclusive-massive-spying-on-users-of-googles-chrome-shows-new-security-weakness-idUSKBN23P0JO\">argued<\/a> that \u201cGalComm is not involved, and not in complicity with any malicious activity whatsoever. You can say exactly the opposite, we cooperate with law enforcement and security bodies to prevent as much as we can.\u201d<\/p>\n<h2>Cyber Attacks Grow in Number<\/h2>\n<p>The number of cyber-attacks has indeed skyrocketed during the time of social unrest. In late May, researchers from cybersecurity firm ESET <a href=\"https:\/\/forklog.com\/en\/latest-modification-of-comrat-trojan-targets-gmail-users-to-steal-confidential-documents\/\">detected a modified version of ComRAT malware<\/a>, which now targets Gmail users to steal confidential documents. 
In addition to misappropriating documents, the trojan collects information about the network, Microsoft Windows configurations, and Active Directory groups or users.<\/p>\n<p>Threat actors also <a href=\"https:\/\/forklog.com\/en\/cybercriminals-exploit-black-lives-matter-campaign-to-distribute-malware-via-email-amid-social-unrest\/\">began exploiting the Black Lives Matter campaign<\/a> to distribute malware via emails that lure users into opening an attached Microsoft Word file to \u201cleave a review confidentially about Black Lives Matter.\u201d Once a user opens the attached file, it initiates the installation of the so-called TrickBot trojan.<\/p>\n<p>The global admiration for Zoom has <a href=\"https:\/\/forklog.com\/en\/zoom-users-fall-victim-to-personal-data-stealing-malware-research-says\/\">led bad actors<\/a> to take advantage of it and develop new ways to infect users\u2019 computer systems. Once downloaded and installed, one of the malicious files that mimic the Zoom installer sets up a backdoor that enables criminals to initiate malicious processes remotely.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>As of May 2020, Google&#8217;s Chrome Web Store has reportedly been hit with the most massive surveillance campaign so far, which managed to steal data from users around the world through over 32 million downloads of malicious 
extensions.<\/p>\n","protected":false},"author":6,"featured_media":9073,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"","cryptorium_level":"","_short_excerpt_text":"","creation_source":"human_written","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1111,738,100,1113],"class_list":["post-9071","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-cybersecurity","tag-google","tag-malware","tag-surveillance"],"aioseo_notices":[],"amp_enabled":true,"views":"3812","promo_type":"1","layout_type":"","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/9071","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=9071"}],"version-history":[{"count":2,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/9071\/revisions"}],"predecessor-version":[{"id":9099,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/9071\/revisions\/9099"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/9073"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=9071"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=9071"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=9071"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}