Millions of Chrome browser users ‘hit by spyware breach in Google’s Web Store’

Millions of Chrome browser users were exposed to a record spyware breach linked to add-ons downloaded from Google’s official Web Store, security researchers have found.

The discovery is believed to be one of the biggest such attacks and resulted in Google removing more than 70 malicious extensions for its market-leading software.

Most of the free browser extensions - downloaded about 32 million times - claimed to warn users about unsafe websites or convert files from one format to another.

However, they were found by California-based Awake to instead be hoovering up users’ browsing history and website logins.

Researchers found that when a user surfed the web with a compromised Chrome browser on their personal computer that it would in fact connect to a series of third-party websites harvesting their information. Some of the offending add-ons discovered by Awake included TheSecureWeb, Search Manager, MyDocstoPDF and EasyConvert.

However, when systems were connected to corporate networks they were found not to have transmitted sensitive data or connect to the harvesting sites.

Based on the number of downloads, it appears to be the most far-reaching malicious Chrome store campaign targeting personal data, Awake co-founder Gary Golomb told Reuters.

But it is unclear who was behind the effort to distribute the spyware as Awake found the developers supplied fake contact information when they submitted the extensions to Google.

Mr Golomb said: “This shows how attackers can use extremely simple methods to hide, in this case, thousands of malicious domains.”

He added the extensions were designed to avoid detection by antivirus and security software meant to evaluate the integrity of web domains.

More than 15,000 of the re-direct sites syphoning people's data were found by Awake after reportedly being purchased from a web registrar in Israel, which denied any involvement or complicity in their improper use.

Former National Security Agency engineer Ben Johnson said: “Anything that gets you into somebody’s browser or email or other sensitive areas would be a target for national espionage as well as organised crime.”

Google had previously said it would improve the security of Chrome, which has about two billion active installs, by increasing human review of browser extensions.

However, the latest revelations come after a similar spyware was discovered in April affecting about 1.7 million users, followed by a Google investigation uncovering 500 fraudulent extensions.

Google spokesman Scott Westover said: “When we are alerted of extensions in the Web Store that violate our policies, we take action and use those incidents as training material to improve our automated and manual analyses."

He added: “We do regular sweeps to find extensions using similar techniques, code and behaviours.”