Google says it has removed more than 70 malicious add-on extensions from the Chrome Web Store after they were found to be spying on users.
These malicious add-ons were downloaded over 32 million times, and were found by security firm Awake Security. The firm alerted Google, after which the tech giant took down the add-ons.
“When we are alerted of extensions in the Web Store that violate our policies, we take action and use those incidents as training material to improve our automated and manual analyses,” a Google spokesperson told Reuters.
Most of the add-ons claimed to warn users about unsafe websites or posed as services that could convert files formats. The add-ons instead attempted to steal users’ browser history and sensitive data that provided credentials for internal business tools.
Researchers from Awake Security believe that due to a large number of downloads, this was the most malicious Chrome store campaign. Google did not comment on how this latest spyware compared with previous malicious campaigns, and also did not discuss the severity of the damage.
It’s also unknown who was responsible for the spyware campaign, since the developers had added fake contact information when they submitted the add-ons.