It was recently discovered that more than 500 Google Chrome browser extensions downloaded millions of times from Google’s Chrome Web Store all uploaded private browsing data to attacker-controlled servers. The extensions were mostly advertised as tools for a variety of promotions and advertising services.
The internet has become a part of our every day lives and in such this is a reminder to be cautious when installing every day tools such as Google Chrome extensions. Reading user reviews and checking reports is always a good idea. If you don’t recognise an extension or you haven’t used it recently it should be removed.
The researchers found evidence the campaign was operating since at least January 2019, possibly as early as 2017. You can read more about the discovery here.
If you feel you’re in need of a technical cyber security audit get in touch with us today.