Find another malicious attack for the Chrome users and the massive spying Campaign is launched or executed with the help of Chrome browser extensions and aimed to be streal sensitive data of users.
A researcher from the awake security has uncovered more than 111 malicious chrome extensions that are using GalComm Domains from the command and control the operation.
The CommuniGal communication Ltd.(GalComm) is an Israel based internet domain register which was founded in 2000.
Extensions and Domains
From Awake security, they observed that almost 60% of the domains registered by the GalComm are found malicious. When they are used for serving malware or involved in surveillance activities.
The domains were used by the various evasion techniques that stay undetected by the most security solutions.
You see the complete list of the domains: Link
About 111 malicious extensions use GalComm domains for the C&C and they are aiming to take screenshots that read the clipboard and harvest credentials tokens which are stored in cookies or parameters and grab the user keystrokes and monitor other activities.
The extensions are downloaded for more than 32,962,951 times from the chrome web store which is the extensions alone download 10 million times.
“Based on the number of the downloads it was far-reaching a malicious chrome store to date “ as the co-founder of awake mentioned.
The malicious extensions are posed to offer file conversion and other utility servers but their goal is to user data
Most of the surveillance campaign specifically targets users “Financial services, gas and oil, media and entertainment, healthcare and pharmaceuticals, retails high tech, higher education and government organizations.”
Google does not share any details about how the spyware apps are unfiltered with the play store.
The Domain registrar company Galcomm told that “His company had done nothing wrong and the company is not involved and not in complicity with any malicious activity whatsoever”
These types of campaigns are serious these days and they are really doing the best job to spy your browsing history.
Found this article informative? Follow Vednam on Facebook, Twitter, Mix, Tumbler, and Linkedin to know more exclusive content we post.
[…] “We have notified individuals that were part of a data security incident associated with Reemployment Assistance claims. This issue was addressed within 1 hour after we became aware of the incident. While the incident was handled within 1 hour, in an abundance of caution, we are making available identity protection services at no charge to affected individuals, and we have also advised them to report any unauthorized activity on their financial accounts. At this time, we have not received any reports of malicious activity.” […]