A Private security firm, AWAKE has found that some of the Google Chrome extensions are collecting user’s sensitive data, Key Strokes (Tracking Your Clicks on Keyboard), take screenshots and read clipboard & cookies data. These extensions are posing as file converters, web search improvements and as security scanners.
Please check all the extensions you have installed. Remove all the malware extensions immediately. Do not install any extension until and unless it is very much needed for you and do check the reviews of users before downloading.
Awake team as submitted a detailed report on it. All these extensions are registered under various domains. But all these are sharing data with Gal Communication (CommuniGal) Ltd (GalComm). After Awake has published these details Google has taken down these extensions from their store.
Google security tools couldn’t detect these extensions when they were allowed on extensions store. They are estimating that there were 33 Million downloads of these malware/fake extensions.
What To Do?
- Do not download all the available extensions.
- Download only critical extensions after verifying the publisher and reviews.
- Frequently Check and remove malware extensions.
- Check and remove existing unused extensions.
- Visit chrome://extensions or edge://extensions/ to remove Chrome based malware extensions.