Huge spyware attacked Chrome browser users |
Awake Security researchers told Reuters that recently discovered spyware had attacked users by downloading software more than 32 million times from Google to the market-leading Chrome browser, indicating that technology companies had failed to protect payroll and other secret tasks used in email browsers. .
Alphabet said: After the researchers warned them last month, more than 70 harmful additions were removed from the official Chrome Web Store, and Google spokesman Scott Westover told Reuters: When we received one, we violated the online marketplace when we got our plugins to notify you, take action and use these Juveniles as training materials for machine improvement and manual analysis.
Most of these free plugins pretend to warn users of problematic websites, but instead deduct their browsing history and data to allow data access to internal business tools. Depending on the number of downloads, this ad campaign was previously directed against Chrome. The store is the most dangerous. For the speech of Gary Golomb, founder of Awake Security.
It is not clear who is behind Awake Security: The developers provided incorrect contact information when sending attachments to Google, and Golump explained that these attachments are designed to avoid being categorized by web domains. It was discovered as an anti-virus or security program.
"Any information that reaches a user's browser, email, or other sensitive area is targeted," said Ben Johnson, a former National Security Agency engineer who developed carbon security and Obsidian. . The same applies to organized crime. "
Researchers found that someone who uses a browser to browse the Internet on a computer connects to a number of websites and transmits information while everyone uses the company's network security (including services) and does not transmit sensitive information and does not attempt to do this once to visit the malicious version of the site.
Golump said: "In this case, an attacker could use a very simple method to hide thousands of malicious domains, and all of the domains involved (over 15,000 domains) come from a small registrar called Galcomm (officially called CommuniGal) and they're connected." Communication Ltd and Awake Security said (Galcomm) should know what happened.
Although phishing plug-ins have been a problem for many years, the situation will only get worse. Malware developers have always used the online Chrome store as a sales channel. After classifying ten transmission methods as malicious, Google said in 2018: This will improve manual security checks by improving security.
Independent researcher Jamila Kaya and the Cisco Systems Duo Systems team conducted similar activities through the Chrome Web Store in February and stole data from about 1.7 million users. Google participated in the survey. I found 500 fraudulent additions.