Google's Chrome target of massive spying attack

It claims to offer ‘security you never have to think about’.

But Google Chrome users have some thinking to do right now.

Newly discovered spyware attacked them through 32 million downloads of extensions to the web browser.

That’s according to researchers at Awake Security, who spoke to Reuters.

Most of the extensions purported to alert users to questionable websites, or convert files from one format to another.

Instead they siphoned off browsing history and private data.

Google says it removed more than 70 of the malicious add-ons from its Chrome Web Store after being alerted by the researchers.

Based on the number of downloads, Awake says it’s the most far-reaching attack on the Chrome Store so far.

Google wouldn’t comment on the incident, or why it didn’t discover the malware itself.

It’s also unclear who was behind it, but experts say it could be organised crime or state actors.

Malicious developers have been exploiting the Chrome Store for some time.

In 2018 one in ten submissions were deemed suspicious.

That prompted Google to promise better security, in part by increasing human review of apps.

Video Transcript

- It claims to offer security you never have to think about. But Google Chrome users have some thinking to do right now. Newly discovered spyware attacked them through 32 million downloads of extensions to the web browser. That is according to researchers at Awake Security, who spoke to Reuters. Most of the extensions purported to alert users to questionable web sites or convert files from one format to another.

Instead, they siphoned off browsing history and private data. Google says it removed more than 70 of the malicious add-ons from its Chrome web store after being alerted by the researchers. Based on the number of downloads, Awake says it's the most far-reaching attack on the Chrome store so far. Google wouldn't comment on the incident or why it didn't discover the malware itself. It's also unclear who was behind it.

But experts say it could be organized crime or state actors. Malicious developers have been exploiting the Chrome store for some time. In 2018, one in 10 submissions were deemed suspicious. That's prompted Google to promise better security, in part by increasing human review of apps.