The malware was uncovered by Awake Security (via Reuters), which reported the findings to Google. 70 extensions have now been removed from the Chrome store as a result, although they have not been named.
The extensions had been downloaded 32 million times, and claimed to keep users safe from dangerous websites, or to convert files to different formats.
Frustratingly for anyone who had installed them, any antivirus software designed to warn of suspicious activity would have probably been unable to detect them as malware. This is because of the devious way in which they worked, using around 15,000 different websites that were purchased by the hackers and all linked to each other.
This isn’t even the first time in 2020 that this kind of security problem has hit Google Chrome: back in February a similar piece of research found 71 extensions were uploading private browsing data, and following more investigation, just over 500 extensions had to be removed from the Chrome Web Store.
When Reuters quizzed Google on why this latest spyware had managed to slip past its systems for detection, the company declined to discuss it. Google spokesman Scott Westover told Reuters , “When we are alerted of extensions in the Web Store that violate our policies, we take action and use those incidents as training material to improve our automated and manual analyses”.
“We do regular sweeps to find extensions using similar techniques, code and behaviors,” he added.
Clearly those sweeps aren’t totally effective, and it’s ultimately down to users to be vigilant about which extensions they install.
Our advice is to only install an extension you absolutely need, and even then, do your own research to try and ascertain whether it’s safe to use. If you no longer need an extension, remove it from Chrome.
If you’ve never done an audit, then head to chrome://extensions (type this into Chrome’s search bar, or click the three dots and go to More tools > Extensions) and remove anything you don’t use or need.
Also, if you don't run security software on your devices, you should consider doing so. Here are our recommendations for the best antivirus. However, the other obvious thing you can do is to do what what we said at the start, use a different web browser.