A newly discovered spyware effort attacked users through 32 million downloads of extensions to Google’s market-leading Chrome web browser, researchers at Awake Security told Reuters, highlighting the tech industry’s failure to protect browsers as they are used more for email, payroll and other sensitive functions.
Alphabet Inc’s Google said it removed more than 70 of the malicious add-ons from its official Chrome Web Store after being alerted by the researchers last month.
“When we are alerted of extensions in the Web Store that violate our policies, we take action and use those incidents as training material to improve our automated and manual analyzes,” Google spokesperson Scott Westover told Reuters.
Most of the free extensions purported to warn users about questionable websites or convert files from one format to another. Instead, they siphoned off browsing history and data that provided credentials for access to internal business tools.
Based on the number of downloads, it was the most far-reaching malicious Chrome store campaign to date, according to Awake co-founder and chief scientist Gary Golomb.
Google declined to discuss how the latest spyware compared with prior campaigns, the breadth of the damage, or why it did not detect and remove the bad extensions on its own despite past promises to supervise offerings more closely.
Developers reportedly supplied fake contact info
It is unclear who was behind the effort to distribute the malware. Awake said the developers supplied fake contact information when they submitted the extensions to Google.
“Anything that gets you into somebody’s browser or email or other sensitive areas would be a target for national espionage as well as organized crime,” said former National Security Agency engineer Ben Johnson, who founded security companies Carbon Black and Obsidian Security.
The extensions were designed to avoid detection by antivirus companies or security software that evaluates the reputations of web domains, Golomb said.
If someone used the browser to surf the web on a home computer, it would connect to a series of websites and transmit information, the researchers found. Anyone using a corporate network, which would include security services, would not transmit the sensitive information or even reach the malicious versions of the websites.
“This shows how attackers can use extremely simple methods to hide, in this case, thousands of malicious domains,” Golomb said.
After this story’s publication, Awake released its research, including the list of domains and extensions.
All of the domains in question, more than 15,000 linked to each other in total, were purchased from a small registrar in Israel, Galcomm, known formally as CommuniGal Communication Ltd.
Awake said Galcomm should have known what was happening.
In an email exchange, Galcomm owner Moshe Fogel told Reuters that his company had done nothing wrong.
“Galcomm is not involved, and not in complicity with any malicious activity whatsoever,” Fogel wrote. “You can say exactly the opposite, we co-operate with law enforcement and security bodies to prevent as much as we can.”
Fogel said there was no record of the inquiries Golomb said he made in April and again in May to the company’s email address for reporting abusive behaviour, and he asked for a list of suspect domains.
After publication, Fogel said the majority of those domain names were inactive and that he would continue to investigate the others.
The Internet Corp for Assigned Names and Numbers, which oversees registrars, said it had received few complaints about Galcomm over the years, and none about malware.
Tightener security promised in 2018
While deceptive extensions have been a problem for years, they are getting worse. They initially spewed unwanted advertisements, and now are more likely to install additional malicious programs or track where users are and what they are doing for government or commercial spies.
Malicious developers have been using Google’s Chrome Store as a conduit for a long time. After one in 10 submissions was deemed malicious, Google said in a 2018 blog that it would improve security, in part by increasing human review.
But in February, independent researcher Jamila Kaya and Cisco Systems’s Duo Security uncovered a similar Chrome campaign that stole data from about 1.7 million users. Google joined the investigation and found 500 fraudulent extensions.
“We do regular sweeps to find extensions using similar techniques, code and behaviours,” Google’s Westover said, in identical language to what Google gave out after Duo’s report.
These are Samsung's Galaxy Buds Live wireless earbuds – MobileSyrup
Samsung Galaxy Buds Live has appeared in all its glory.
These new images are courtesy of Evan Blass, who has been remarkably consistent for several years. These new earbuds are a follow-up to Samsung’s current Galaxy Buds+ model but will come with a unique design in the shape of a kidney bean.
The wireless earbuds are rumoured to feature Active Noise Cancellation (ANC), have two speakers, multiple microphones, and will come with what seems to be a smaller charging case and resembles Apple’s AirPod case.
The Samsung Galaxy Buds Live is expected to be officially announced alongside the Note20 devices on August 5th.
Source: Evan Blass (Patreon)
Leaker suggests iPhone 12 Pro models will have 6GB of RAM – 9to5Mac
Apple is expected to introduce four new iPhone models later this year, with two models being part of the iPhone 12 lineup and the other two of the iPhone 12 Pro lineup. As we continue to learn more about the next generation iPhone, leaker @L0vetodream shared a hint today about the internal specs of these devices.
Apple is rumored to adopt the A14 chip built with a new 5 nanometer process for this year’s iPhones, but details on the hardware are still unclear. But according to @L0vetodream, the new System On a Chip (SoC) will include RAM upgrades for at least two of the 2020 iPhone models.
In a mysterious tweet, the leaker suggests that the Pro lineup will feature 6GB RAM, while the regular lineup will remain with 4GB RAM. The iPhone 11, iPhone 11 Pro and, iPhone 11 Pro Max features the A13 chip with 4GB RAM.
Rumors claims that Apple will launch the regular iPhone 12 in two sizes this year, with 5.4 and 6.1 inches, while the iPhone 12 Pro will be offered in 6.1 and 6.7 inches.
It’s worth mentioning that @L0vetodream correctly predicted several Apple announcements this year, from the new iPad Pro with Magic Keyboard to the redesigned macOS Big Sur.
— 有没有搞措 (@L0vetodream) July 9, 2020
Apple is yet to confirm when the next generation iPhone will be officially announced, which usually happens in September. You can read everything we already know about iPhone 12 in our full roundup.
FTC: We use income earning auto affiliate links. More.
Nintendo Treehouse Live Airs Friday With Reveal Of New WayForward Game – Nintendo Life
Nintendo has revealed that it will be broadcasting a Treehouse Live event on Friday 10th July (that’s today in the UK, but tomorrow if you’re in the United States) which will include gameplay footage of Paper Mario: The Origami King.
The event will also give us the first reveal of “a title in a franchise new to developer WayForward,” which is perhaps a more exciting prospect for many people than the Paper Mario footage. Before you get too excited, though, Nintendo has confirmed that the game is a third-party property, and not a Nintendo franchise.
Treehouse Live July 2020 kicks off at 10am PT.
Newfoundland and Labrador premier tries to allay border fears – The Telegram
James Murdoch's Firm to Invest in Ailing Art Basel Organizer – BNN
Canada not ready for second wave of COVID-19, Senate committee says – CBC.ca
Silver investment demand jumped 12% in 2019 – report – MINING.com
Iran anticipates renewed protests amid social media shutdown
Richmond BBQ spot speaks out about coronavirus rumours Vancouver Is Awesome
- News24 hours ago
New coronavirus cases, deaths continue to decline in Canada as cases top 106,400
- Tech23 hours ago
Lenovo Legion Phone officially coming on July 22 – GSMArena.com news – GSMArena.com
- News24 hours ago
Meghan seeks to stop publisher naming friends in UK legal battle
- Investment20 hours ago
ThreeD Capital Inc. Provides Update To Its Investment in Premium Nickel Resources And Announces Normal Course Issuer Bid – GlobeNewswire
- Health20 hours ago
Your view: Do you think COVID-19 vaccine will be ready by Aug 15? – Yahoo Canada Sports
- Media13 hours ago
Police: Pop Smoke's social media led killers to LA home – Times Colonist
- Economy20 hours ago
Biden targets Trump's edge on economy with manufacturing plan – BNN
- Science13 hours ago
How Local Photographer Captured These Stunning Images Of Comet NEOWISE In Skies Over Peterborough – PTBOCanada