Google took immediate action to remove the Chrome Web Store after security company Awake reported the discovery of 111 malicious or counterfeit Chrome extensions. Based on Awake feedback, these problem extensions can take screenshots, read clipboards, steal credentials, monitor keystrokes, and more. Awake says this is probably one of the most malicious activity for Chrome users, as all of these extensions have been downloaded more than 32 million times.
“So far, these malicious extensions have downloaded at least 32,962,951 times, and this is only the number of downloads from the Chrome Web Store in May 2020,” Awake said in an official blog post. And some extensions have been downloaded more than 10 million times. “
While it is unclear who was behind the mega-event and how many users were affected, the domain name used by the attackers was from a company based in Israel. “Of the 26,079 accessible domain names registered through GalComm, 15,160, or nearly 60 percent, are malicious or suspicious: through various circumvention techniques, these domain names avoid being maliciously labeled by most security solutions, so that the event is not detected,” says Awake. “