Technology browser spyware: Massive monitoring via Chrome extension discovered

14:15  18 june  2020
14:15  18 june  2020 Source:   t3n.de

Google: New guidelines are to further reduce spam in the Chrome Web Store

 Google: New guidelines are to further reduce spam in the Chrome Web Store © Provided by Martin Geuss (Blog Dr. Windows) Google Chrome The Chrome Web Store is the largest in today's world not only because of the dominance of Google Chrome in the browser market Marketplace for extensions worldwide, in the past few years he had to struggle with problematic extensions that later turned out to be malware and were removed by Google. In the recent past, the Mountain View group has already taken various steps to improve security.

SAN FRANCISCO (Reuters) - A newly discovered spyware effort attacked users through 32 million downloads of extensions to Google's market-leading Chrome web browser , researchers at Awake Security told Reuters, highlighting the tech industry's failure to protect browsers as they are used

Use the chrome .downloads API to programmatically initiate, monitor , manipulate, and search for downloads. Not the answer you're looking for? Browse other questions tagged google- chrome browser google- chrome - extension file-management browser - extension or ask your own question.

Neuer Spyware-Einbruch im Google Chrome Web Store. © Illustration New spyware break-in in the Google Chrome Web Store.

A new spyware incident shakes confidence in the security of the Google Chrome browser. Unsuspecting users downloaded malware from the Chrome web store around 32 million times.

More than 70 different Chrome extensions are suspected of having tapped sensitive user data from the Google browser and sent it to unauthorized third parties. In addition to the browser history, the attackers were primarily concerned with access data to business tools. The problem was discovered by the security experts at Awake Security.

Harmless extensions for format conversion prove to be Trojan horses

As Reuters reports, there was a danger of harmless-looking, free extensions that promised their users to convert file formats without problems or to warn against questionable websites. Google now claims to have removed all affected extensions from the web store.

Android's real-time captioning is coming to Chrome on desktops

  Android's real-time captioning is coming to Chrome on desktops You won’t need an Android phone to take advantage of Google’s real-time captioning before long. Techdows has noticed (via 9to5Google) that the latest Canary build of Chrome includes Live Caption support for media playing in the browser. You’ll have to enable the feature through an accessibility flag in the settings, but it should automatically caption music or videos without requiring special support. You can try it now on Chrome OS, Linux, Mac and Windows, although Canary versions of Chrome are very rough around the edges. You may have to wait a while if you want Live Caption in a beta or stable release.

The discovery of more malicious and fraudulent browser extensions is a reminder that you should be cautious when installing these tools in your browser . Recently researchers discovered that over 500 Chrome extensions on its official web store (ouch!) were stealing browsing data and executing click

Chrome Security Warning. Your Browser ( Chrome 65) Is Missing A Privacy Extension . Google Chrome Fatal Error! Bundling is used to promote unwanted content. Get rid of Chrome virus and recover a normal browser operation. Do not let government spy on you. Backup files for the later use

According to Google spokesman Scott Westover, in cases where reports of policy violations are reported, audits and actions will be taken to remedy the violation. In addition, the information obtained in this way would be used to sharpen the internal test algorithms and the manual controls in the web store.

Google did not want to comment on the extent of the incident and the potential damage for the affected Chrome users. The company also did not answer Reuters' question as to why the malware had to be discovered by an external security company and why Google's own controls had apparently been completely avoided.

Example of a malware extension. (Screenshot: Awake)

Awake boss: So far the most serious security incident in the Chrome web store

Gary Golomb, boss of the security company Awake Security, , which uncovered the scandal , becomes clearer. According to his findings, the now recognized spyware campaign was the largest malware breach in the web store that has been reported to date.

Chrome will soon group tabs together to save pack rats from themselves

  Chrome will soon group tabs together to save pack rats from themselves Google is introducing a new feature to Chrome that will have you asking how you lived without it before. The feature works almost exactly as you might imagine. To start sorting your tabs, right-click on a single one and press the "Add Tab to Group" option. When you create a new group, you can assign it a name and color to make it easily identifiable. If you feel like moving a tab to a different group afterward, you can do so by dragging and dropping it. Better yet, anytime you close and reopen Chrome, your groupings will load up automatically.

Install xdmbrowser and can not install the extension xdm browser monitor , because when looking says url not found. After the following link I downloaded the update and followed the same steps, to install the extension update, and everything is working perfectly.

browser _action lists the properties of the button located in extension bar in Chrome . background defines a script that is triggered when a user clicks our We now have a fully functioning extension (without spyware ) ready to put on the internet. spy .js. We are going to start by creating an event

It remains unclear who is behind the attack on the browser data of around 32 million users. As the experts at Awake found out, the attackers managed to place the malicious Chrome extensions in Google's web store, stating fake contact details. The extensions were designed in such a way that they could avoid being checked by antivirus and other security software.

In order to avoid a discovery, the extensions, according to Golomb, first checked whether they were executed on a home computer or within a company network. Within a company network, which is often protected with tools for traffic analysis, the extensions did not even try to start their espionage activity.

On home computers, on the other hand, the extensions connected directly to a whole series of websites, to which they then transmitted browser data. According to Awake chief Golomb, this simple method protected the extensions from being discovered for a long time. This is impressive in that the number of domains contacted by the extensions is more than 15,000.

Google will soon block battery-draining ads from loading in Chrome

  Google will soon block battery-draining ads from loading in Chrome Ads will be given finite resources“We have recently discovered that a fraction of a percent of ads consume a disproportionate share of device resources, such as battery and network data, without the user knowing about it,” said Marshall Vale, a product manager on the Chrome team in a blog. “These ads (such as those that mine cryptocurrency, are poorly programmed, or are unoptimized for network usage) can drain battery life, saturate already strained networks, and cost money.

If Google Chrome got infected with the browser -hijacking application, you should follow the instructions to get rid of all unwanted components from your browser Remove dangerous extensions Open Safari web browser and click on Safari in menu at the top Subscribe to 2- spyware .com newsletter!

Chroomium Browser is a fraudulent browser which looks almost similar to Google Chrome and Chromium . Remove dangerous extensions Open Safari web browser and click on Safari in menu at the top left of the screen. Discovered /Renewed Today

Small Israeli registrar comes into focus

It is striking that all of the 15,000 domains had been booked through the small Israeli registrar Galcomm. However, he denies any suspicions and claims that he has nothing to do with the espionage activities. Rather, they work closely with security and law enforcement agencies to clarify the process.

Awake boss Golomb is not convinced. In his opinion, Galcomm should have known, or at least could have known, what is behind the massive domain registration. In his view, the main reason for this is that Galcomm only manages around 26,000 domains at all, so it has to have a very clear portfolio.

In addition, he had contacted Galcomm several times by email and pointed out the misuse of the domains registered there without receiving a response. Reuters also sent the list of suspicious domains three times to Galcomm and received no substantive response.

At the Internet Corporation for Assigned Names and Numbers (Icann), the supervisor of the worldwide domain name system and thus the registrars, Reuters asked about experiences with Galcomm. So far, there have been no complaints that would indicate improper domain allocation or malware.

Remember Real Player? Now it wants to help you ID actors

  Remember Real Player? Now it wants to help you ID actors Chrome browser extension from Real is free and works with YouTube and Netflix. You can also access the technology in new RealPlayer 2020.Cut to today, and Real, which has been relatively quiet over the last decade, is back with what it says is its latest video viewing innovation: a facial recognition tool that can identity well known people who appear in a video.

This extension is not available via the Chrome Store, and must be copied from the user's machine. On Windows, you can find this extension here Getting support for Chromecasting should be easy with Brave Core since the Chromium UI has full extension support. We would just need to verify it's being

Affects only Chrome via its extension called Stream-It. Features. Sets itself as a new tab URL, homepage, and search provider. Repeat steps that are given above with all browsers ' shortcuts, including Internet Explorer and Google Chrome . Make sure you check all locations of these shortcuts

Google is hesitant to respond to new incidents

Chrome extensions with malicious potential are not new. External third parties keep finding malware in Google's Chrome web store. After the number of malware extensions rose to one in ten submissions in 2018, Google had promised to massively expand the security measures, especially in the area of ​​manual control.

Not only the current spyware incident with 70 extensions and 32 million users shows that too little must have happened. It was only in February that security experts from Cisco found a similar break-in , which subsequently led to the deletion of 500 extensions . 1.7 million users were affected.

It seems unlikely that Google will take more care of security problems in its own web store in the future, given the stereotypical promise that the web store will continue to be checked to find suspicious techniques, code or behavior.

Suitable for this: You should stay away from these apps and tools - fit your data on

Morocco asks Amnesty for proof it used spyware on journalist .
Morocco's prime minister has demanded Amnesty International provide evidence to support its allegations that Rabat used spyware to bug a journalist's phone. Amnesty said in June the Moroccan authorities used software developed by Israeli security firm NSO to insert spyware onto the cellphone of Omar Radi, a journalist convicted in March over a social media post. The Pegasus software can switch on the phone's camera and microphone as well as access data.

—   Share news in the SOC. Networks
usr: 0
This is interesting!