Google says it has removed 70 malicious extensions from its Chrome Web Store. This comes after security researchers discovered a new spyware campaign that stole data from users using the extensions.
The nature of the extensions looked benevolent on the surface. Most of them were free, and claimed to warn users about shady websites, or convert files from one format to another. In reality, they were sending browsing history and login information to the attackers. These malicious extensions have been downloaded a total of over 32 million times.
In addition to being numerous, the malicious extensions also came with an interesting way of avoiding detection. If a victim was surfing the web from a home network, it sends sensitive data to to a series of malicious websites. But if a victim was using a corporate network, which is likely to have extra layers of security, the malicious extensions will not transmit any data it collects.
Earlier in the year, security researcher Jamila Kaya and Cisco Systems’ Duo Security discovered another spyware campaign that that collected data from about 1.7 million users. Google’s own investigation found 500 fake extensions. This serves as a reminder to be careful with what we add to our web browsers.