News:

Willkommen im Notebookcheck.com Forum! Hier können sie über alle unsere Artikel und allgemein über Notebook relevante Dinge disuktieren. Viel Spass!

Main Menu

“Massive criminal surveillance campaign” of malicious Google Chrome extensions stole data from over 32 million users: do you have these installed?

Started by Redaktion, June 19, 2020, 13:57:19

Previous topic - Next topic

Redaktion

A report by Awake Security indicates that 70 Google Chrome extensions, downloaded by over 32 million people, have been stealing user data and browsing history on a massive scale. The large-scale operation was enabled by a malicious domain registrar, GalComm.

https://www.notebookcheck.net/Massive-criminal-surveillance-campaign-of-malicious-Google-Chrome-extensions-stole-data-from-over-32-million-users-do-you-have-these-installed.476943.0.html

Vivian

If Awake can post simple plain text name of these chrome extension, it might be more user friendly.
Well, even though I don't use Chrome for eons already, I am still interested in whether these plugin are cross platform, and whether these threat actor also tried to penetrate via other browser.
Lets hope Google might try to improve privacy on Chrome in near future, unlikely, but one can hope.

John McCormick





Bhasker Thodla

I saved the file as a text file with a CSV extension and opened it with Excel to get a table. Not sure if I can post it here but it worked.

_MT_


KernellPanic


Rick1024

Control A to copy the list then open a Google Sheet (probably work in Excel Also), then click into the top left cell. Right click and Select Paste Special, then Select Paste Values Only

This will paste it neatly into Rows and Columns in Sheets and make it very readable.

A

What extensions need is url level permissions and cookie permissions. So you can control which urls each extension can communicate with or which url it can set cookies for.

Henry Soul

It's ironic that the origin of these malware-ridden extensions is the same country that produces the Intel chips with security 'vulnerabilities' in them. The names of the extensions are as follows:

name_slug
securify-for-chrome
browse-safer
search-manager
doctopdf
easyconvertdefault-search
easyconvert
bytefence-secure-browsing
browsing-protector
secure-web-searching
easyconvert
viewpdf
viewpdf
quickmail
search-manager
search-manager
bytefence-secure-browsing
search-manager
secured-search-extension
search-manager
thedocpdfconverter
search-manager
search-manager
viewpdf
search-manager
viewpdf
viewpdf
gofiletopdf
doctopdf
doctopdf
doctopdf
viewpdf
bytefence-secure-browsing
search-manager
browsing-safety-checker
viewpdf
search-manager
pdf-opener
search-manager
viewpdf
easyconvert
securify-for-chrome
doctopdf
search-manager
pdf-opener
search-manager
doctopdf
search-manager
pdf-opener
thedocpdfconverter
doctopdf
pdf-opener
search-manager
ttab
mydocstopdf
doctopdf
thedocpdfconverter
easyconvert
pdf-opener
theeasywaypro
viewpdf
viewpdf
viewpdf
viewpdf
search-manager
search-by-convertfilenow
quicklogin
pdf-opener
easyconvert
easyconvert
mydocstopdf
doctopdf
easyconvert
mydocstopdf
pdf-ninja-converter
pdf2doc
thesecuredweb-protected-b
easyconvert
search-by-convertpdfpro
convertwordtopdf

Mikemail

"malicious domain registrar, GalComm"

Were they the malicious actor, or did someone else register the domains through them?

Quick Reply

Warning: this topic has not been posted in for at least 120 days.
Unless you're sure you want to reply, please consider starting a new topic.

Name:
Email:
Verification:
Please leave this box empty:

Shortcuts: ALT+S post or ALT+P preview