Most of the malicious Chrome extensions identified in a recent report rely on domains registered through a single domain registrar, and they have been downloaded by tens of millions of unsuspecting users.
Malicious Chrome extensions have plagued the Chrome Web Store for some time. Cryptocurrency traders are a favourite target: some of these extensions imitate legitimate crypto wallets, and traders often keep their wallet credentials on the same device, where malicious software can steal them.
According to a recent report by the cybersecurity firm Awake Security, a single Internet domain registrar, CommuniGal Communication Ltd (GalComm), is behind the domains used by most of these malicious Chrome extensions. Of the 26,079 domains registered through GalComm that the report examined, 15,160 turned out to be either malicious or suspicious. These domains host a range of malware and browser-surveillance tooling.
The extensions request privacy-threatening permissions such as reading the clipboard, reading credential tokens stored in cookies, and taking screenshots. Awake counted at least 32.9 million downloads, and that figure covers only the extensions that were still available in the Chrome Web Store in May 2020; extensions already removed by then are not included.
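The permissions listed above are declared in an extension's manifest.json, so a quick audit of installed extensions is a manifest scan. The following is an added example (not code from the article or from Awake Security) that scores a manifest for the data-access permissions described here, handling both Manifest V2 (where API and host permissions share one array) and Manifest V3 (where they are split). The risk table, severities and the sample manifest are constructed for illustration; the extension name and update domain in the sample are placeholders, not real extensions.

```javascript
'use strict';

// Permissions that let an extension read user data or observe browsing.
// The mapping and severities are this example's own choices, not a standard.
const RISKY_PERMISSIONS = {
  clipboardRead:      { severity: 'high',   why: 'can read the clipboard (seed phrases, passwords, wallet addresses)' },
  clipboardWrite:     { severity: 'medium', why: 'can overwrite the clipboard (e.g. swap a pasted wallet address)' },
  cookies:            { severity: 'high',   why: 'can read session tokens stored in cookies of permitted hosts' },
  tabs:               { severity: 'medium', why: 'can read the URL and title of every open tab' },
  webRequest:         { severity: 'high',   why: 'can observe every HTTP request and response header' },
  webRequestBlocking: { severity: 'high',   why: 'can modify or block requests in flight' },
  debugger:           { severity: 'high',   why: 'can attach the DevTools protocol to any tab' },
  nativeMessaging:    { severity: 'high',   why: 'can talk to a native host process outside the browser sandbox' },
  history:            { severity: 'medium', why: 'can read browsing history' },
  management:         { severity: 'medium', why: 'can disable other (security) extensions' },
};

// Host patterns that grant access to every site.
const ALL_HOSTS = new Set(['<all_urls>', '*://*/*', 'http://*/*', 'https://*/*']);

// Returns a list of findings {severity, item, why} for one parsed manifest.
function auditManifest(manifest) {
  const findings = [];
  const version = manifest.manifest_version;
  const apiPerms = [...(manifest.permissions || []), ...(manifest.optional_permissions || [])];
  // MV3 keeps host patterns in host_permissions; MV2 mixes them into permissions.
  const hostPerms = version >= 3
    ? [...(manifest.host_permissions || [])]
    : apiPerms.filter(p => p.includes('://') || p === '<all_urls>');

  for (const p of apiPerms) {
    const r = RISKY_PERMISSIONS[p];
    if (r) findings.push({ severity: r.severity, item: p, why: r.why });
  }
  if (hostPerms.some(h => ALL_HOSTS.has(h))) {
    findings.push({ severity: 'high', item: 'host access to all URLs',
      why: 'can read and script every page (including wallet sites) and take screenshots via captureVisibleTab' });
  }
  for (const cs of manifest.content_scripts || []) {
    if ((cs.matches || []).some(m => ALL_HOSTS.has(m))) {
      findings.push({ severity: 'high', item: 'content script injected on all URLs',
        why: 'can capture form input (credentials, seed phrases) on every site' });
    }
  }
  // Extensions hosted outside the Web Store self-update from update_url;
  // the registrar of that domain is exactly the kind of signal the report used.
  if (manifest.update_url && !manifest.update_url.startsWith('https://clients2.google.com/')) {
    findings.push({ severity: 'medium', item: `update_url ${manifest.update_url}`,
      why: 'updates come from a third-party server; check who registered that domain' });
  }
  return findings;
}

// Simple weighted score so extensions can be ranked for review.
function riskScore(findings) {
  const weights = { high: 3, medium: 1 };
  return findings.reduce((n, f) => n + (weights[f.severity] || 0), 0);
}

// Constructed sample: an MV2 manifest shaped like the wallet look-alikes the
// article describes. Name and domain are placeholders, not a real extension.
const SAMPLE_MANIFEST = {
  manifest_version: 2,
  name: 'Example Wallet Helper (constructed sample)',
  version: '1.0.3',
  permissions: ['clipboardRead', 'cookies', 'tabs', 'storage', 'https://*/*'],
  content_scripts: [{ matches: ['<all_urls>'], js: ['inject.js'] }],
  update_url: 'https://updates.example.invalid/crx',
};

const sampleFindings = auditManifest(SAMPLE_MANIFEST);
for (const f of sampleFindings) console.log(`[${f.severity}] ${f.item}: ${f.why}`);
console.log(`risk score: ${riskScore(sampleFindings)}`);
```

To run this over a real profile, read each `manifest.json` under the browser's Extensions directory with `JSON.parse` and pass the object to `auditManifest`. Note that a permission's real impact depends on host access as well: `cookies` alone reveals nothing without host permissions for the sites in question, which is why the all-hosts findings carry the highest weight here.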
Malicious Chrome extensions
Some of these Chrome extensions imitate wallet software such as Ledger's to defraud unsuspecting crypto traders. The fake extension behaves like the real wallet and asks for the user's wallet credentials; the attackers then use those credentials to move funds from the user's wallet to addresses under their own control.
Eric Savics, host of the Protocol Podcast, fell victim to one such scam when he downloaded a wallet extension. The attackers stole his 12 Bitcoin, a sum he had accumulated over more than seven years to buy his first apartment.
You can read his story here.