In-depth by Awake Security
The Security Defenses that Failed
These campaigns have been ongoing for years while customers have deployed best in class security solutions. The research shows how attackers attempted to evade detection, but the TTPs, in this case, appear to have hit a blind spot in many traditional approaches to security—e.g. reputation engines, sandboxes and endpoint detection and response solutions.
awakesecurity.com
Via
This Chrome spyware campaign was massive
These Chrome spyware extensions were usually disguised as tools that would, ironically, protect users from malicious sites. Some were also legitimate tools that would convert files from one format to another. However, while running, all the extensions could secretly siphon data from the user’s internet activity.
- A third-party security team discovered a ring of Chrome spyware extensions all working together
- The extensions were apparently downloaded over 32 million times, affecting millions of Chrome browsers
- This news once again illuminates how weak Google’s oversight of Chrome extensions really is
According to Awake Security, the information collected by these Chrome spyware applications bounced around a criminal network of over 15,000 domains. Almost all of those domains were purchased from just one registrar called Galcomm, based in Israel.
When contacted by Reuters, Galcomm denied any involvement with the criminal ring of apps. However, Awake Security contacted Galcomm multiple times during its investigation, with Galcomm never responding. Reuters also tried to give Galcomm a list of the domains used to transmit the stolen data a whopping three times, with Galcomm never giving a substantial response to any of the messages.
Criminal ring of Chrome spyware extensions exposed, millions of users affected
A ring of malicious Chrome spyware extensions has been exposed by a security group. Google failed to notice the activity, and millions are affected.
www.androidauthority.com
Not just Chrome, but Chromium-based browsers that use Chrome Web Store.