Malicious Chrome Extensions Downloaded Millions of Times


Google has deleted scores of fake and malicious Chrome extensions used in a devastating global eavesdropping effort. Identified by Awake Security, the threat was found in 111 of malicious extensions over the last three months. The company immediately notified Google of the extensions last month, noting that 79 of these extensions where in the Chrome Web Store, where they were downloaded by users over 33 million times.

These malicious extensions are able to take screenshots, read the clipboard, gather credential tokens in parameters or cookies, take user keystrokes like passwords, etc. Those behind the evil campaign evade enterprise security proxies, AV, and other cyber-security defenses.

“After analyzing more than 100 networks across financial services, oil and gas, media and entertainment, healthcare and pharmaceuticals, retail, high-tech, higher education and government organizations, Awake discovered that the actors behind these activities have established a persistent foothold in almost every single network.” stated the security company.

Cyber Liability Insurance is absolutely essential for the prosperous financial future and well-being of your company. A single attack could be immensely devastating and nearly impossible to fight off on your own. Our ERISA bond packages, which include an ERISA Fidelity bondFiduciary Liability Insurance and Cyber Liability Insurance, can help protect your company and its employee benefit plan from catastrophic damages to your brand and its valuable assets. Contact us to learn more about our ERISA packages and cyber coverage.