^°°^ Thanks for the quote, this has been my issue since I Downloaded the Tor app. The app had never worked on my android phone. This time with the orbit am fine and happy surfing the internet.
Hope no much damages will done in respect to this breach of users sensitive informations. I still use chrome mewcx extension to access my ethereum wallet, hope am safe too?. Google should be proactive to bring to an end this stupid act from dubious individuals or groups that are reaping where they haven't sow.
Topic: Chrome extensions with 33 million downloads slurped sensitive user data - page 2. (Read 530 times)
June 20, 2020, 04:18:26 AM
June 20, 2020, 03:28:02 AM
An important point in the link for users to note;
Using TOR browser from mobile device is a huge pain in the ass, hence, Chrome from mobile.
You could use the Orbot app which routes all your mobile data through Tor, and then use a non-spyware browser like Firefox or DuckDuckGo.
June 20, 2020, 01:42:06 AM
Another reason why we shouldn't trust Google and Google’s Chrome Web Store.
We all know how 'poor' their services are, specially in the last couple of months wherein we saw tons of fake crypto related apps in web store. But this report should put Google in the limelight again as obviously, their services have been taken advantage of cyber criminals, regardless if it is state sponsored or just hacking groups milking crypto enthusiast.
Spying campaign tied to 15,000 malicious or suspicious domains uploaded data.
Browser extensions downloaded almost 33 million times from Google’s Chrome Web Store covertly downloaded highly sensitive user information, a security firm said on Thursday in a report that underscores lax security measures that continue to put Internet users at risk.
The extensions, which Google removed only after being privately notified of them, actively siphoned data such as screenshots, contents in device clipboards, browser cookies used to log in to websites, and keystrokes such as passwords, researchers from security firm Awake told me. Many of the extensions were modular, meaning once installed, they updated themselves with executable files, which in many cases were specific to the operating system they ran on. Awake provided additional details in this report.
Company researchers found that all 111 of the extensions it identified as malicious connected to Internet domains registered through Israel-based GalComm. The researchers eventually found more than 15,000 registered through GalComm hosting malicious or suspicious behavior. The malicious domains used a variety of evasion techniques to avoid being labeled as malicious by security products.
https://arstechnica.com/information-technology/2020/06/chrome-extensions-with-33-million-downloads-slurped-sensitive-user-data/
We all know how 'poor' their services are, specially in the last couple of months wherein we saw tons of fake crypto related apps in web store. But this report should put Google in the limelight again as obviously, their services have been taken advantage of cyber criminals, regardless if it is state sponsored or just hacking groups milking crypto enthusiast.
Quote
Spying campaign tied to 15,000 malicious or suspicious domains uploaded data.
Browser extensions downloaded almost 33 million times from Google’s Chrome Web Store covertly downloaded highly sensitive user information, a security firm said on Thursday in a report that underscores lax security measures that continue to put Internet users at risk.
The extensions, which Google removed only after being privately notified of them, actively siphoned data such as screenshots, contents in device clipboards, browser cookies used to log in to websites, and keystrokes such as passwords, researchers from security firm Awake told me. Many of the extensions were modular, meaning once installed, they updated themselves with executable files, which in many cases were specific to the operating system they ran on. Awake provided additional details in this report.
Company researchers found that all 111 of the extensions it identified as malicious connected to Internet domains registered through Israel-based GalComm. The researchers eventually found more than 15,000 registered through GalComm hosting malicious or suspicious behavior. The malicious domains used a variety of evasion techniques to avoid being labeled as malicious by security products.
https://arstechnica.com/information-technology/2020/06/chrome-extensions-with-33-million-downloads-slurped-sensitive-user-data/
Jump to: