Chrome Unboxed - The Latest Chrome OS News

New report implicates domain registrar in massive ring of malicious Chrome Extensions

June 22, 2020 By Gabriel Brangers

Another day, another cartload of random Chrome Extensions removed from the Web Store due to malicious activity. Only this time, the extensions may have more in common than meets the eye. Unlike many mass extension removals, where the extensions share similar types of attacks or all have the same developer behind them, the latest batch of rogue apps from the Chrome Web Store has been traced back to a single, increasingly questionable domain registrar company in Israel that goes by the name GalComm.

The report that resulted in the removal of more than 100 Chrome Extensions originated from Awake Security. The company specializes in identifying online threats and uses AI to track a wide range of factors, with the goal of detecting malicious software and the traits that those ever-evolving threats present. Using their “brain-mimicking” AI, Awake identified more than 100 extensions that were linked to “attack campaigns” involving more than 15,000 associated domains.

Awake uncovered 15,160 domains tied to exploitive landing pages, malicious chrome extension command and control, and related malware. 111 fake and malicious chrome extensions associated with these attack campaigns were harvested in the wild from enterprise networks in only the past three months. These extensions were performing operations such as taking screenshots of the victim device, loading other malware, reading the clipboard, and actively harvesting tokens and user input

Awake Security

While malicious extensions are far from uncommon, the cases are usually quite isolated, with specific intents such as snagging users’ private keys, crypto wallets, site credentials, or what have you. As unnerving as those may be, this discovery by Awake Security hints at something on a much grander scale and is the reason for a manageable amount of alarm. The thousands of domains linked to these various types of attacks all trace back to the GalComm registrar, and Awake is convinced that the ICANN-accredited company is directly involved in the misdoings.

As you will see in this report, this registrar, who also maintains a Registrar Accreditation Agreement with ICANN, is responsible for putting far more malicious domains, malware, and exploitative content on the internet than legitimate content. We believe the research and analysis summarized in this report proves that GalComm is at best complicit in malicious activity.

GalComm has also been connected to three other web hosting and mobile app solutions companies, two of which have been known for mass typo-squat attacks targeting a large number of Google-specific domains. This information doesn’t necessarily place GalComm as the triggerman for the malicious sites and extensions, but the lack of response from the company and the fact that none of the sites appear to have been removed indicate that the registrar is at minimum aware of the activity. Regardless of the company’s involvement, this issue raises a red flag that I hope Google will address moving forward. Chrome is the world’s most widely used browser and Chrome OS is quickly gaining users in droves. The Chrome Web Store needs to be policed more than ever, and I think it’s time that Google gave the extension shop a major overhaul before millions of unknowing users fall victim to something disastrous.

The good news, for now, is that Google has removed the offending extensions and Awake continues to scan the web for these types of threats. If you’d like to read the full report from Awake Security, you can request a copy by heading to the company’s website here.
