Security News

Google pulls 106 malicious Chrome extensions

Avast Security News Team, 26 June 2020

Plus, more newsbytes of the week including an iOS flaw and Twitter billing leak

Security researchers have discovered what they believe to be a global surveillance campaign whereby attackers were using malicious Google Chrome browser extensions to steal data and spy on over 100 networks. Threatpost reported that the researchers suspect millions of Chrome users were targeted across the industries of financial services, oil and gas, media and entertainment, healthcare and pharmaceuticals, and government organizations. The malicious extensions could surreptitiously take screenshots, log keystrokes, read the clipboard, and more. They were free and marketed as browser helpers that convert files or alert users when they land on a suspicious website. After reading the report, Google removed 106 browser extensions from the Chrome Web Store. 

The researchers also maintain that Israel-based domain registrar CommuniGal Communication Ltd. (GalComm) assisted in the covert operations, as they found over a hundred malicious extensions using GalComm domains as loader pages or command and control bases. GalComm owner Moshe Fogel told Reuters that the company has not engaged in any wrongdoing or malicious activity whatsoever. 

“It’s only normal for cybercriminals to target Chrome, as it’s the leader in browsers with 68% market share,” commented Avast Security Evangelist Luis Corrons. “Regarding extensions, it’s best if we limit ourselves to those developed by known companies. There are other solutions out there as well, such as Avast Secure Browser.”

iOS clipboard flaw puts users at risk

A vulnerability in the iOS clipboard function allows any active app to access its contents without notifying the user. According to Forbes, the flaw – which also affects the Universal Clipboard, enabling the mobile apps to read associated desktop clipboards as well – was discovered in February 2020, at which time the researchers alerted Apple. They say Apple insisted that the clipboard function was running perfectly at the time. However, the recent announcement of iOS14, coming this fall, includes a fix for the flaw in precisely the fashion recommended initially by the researchers. 

This week’s stat

1.3 million

The number of records stolen from the popular Stalker Online game and sold on the dark web. Read more at InfoSecurity.

80,000 printers exposed online

The nonprofit organization Shadowserver Foundation, committed to improving cybersecurity practices around the world, published a report warning companies about leaving printers exposed online. Printers connected to the internet without access controls or authorization mechanisms in place are vulnerable to attacks such as data theft, service tampering, and remote command execution. Scanning billions of routable addresses around the world, the researchers found a daily average of 80,000 exposed printers online. Users are advised to enable their printer security functions. 

Ransomware disguises as COVID-19 tracer app

Just days after Health Canada announced the development of a voluntary COVID-19 contact tracing app, a phony app appeared on a couple of fraudulent websites, pretending to be the official tracing app but actually hiding a new strain of ransomware. As soon as they were discovered to be malicious, the two domains offering the fake tracing app were shut down. The real Health Canada COVID-19 app is expected to be ready sometime in July. More on this story at ZDNet

This week’s quote

“I don’t think schools can protect students against themselves to the extent that they could and should be protected. The toothpaste is never going back in the tube.” – Colin Bastable, CEO of Lucy Security, a cybersecurity training company, on securing K-12 students while schooling remotely.

Twitter informs customers of exposed billing details

Social network giant Twitter emailed its business customers this week to warn them of a security lapse that may have put their billing information at risk. Standard procedure had been to store business clients’ billing data in the browser’s cache, but this made the information vulnerable to being accessed by others. Data stored in the cache included email addresses, phone numbers, and the last four digits of the user’s credit card. “As soon as we discovered this was happening, we resolved the issue and communicated to potentially impacted clients to make sure they were aware and informed on how to protect themselves moving forward,” Twitter spokesperson Laura Pacas told TechCrunch.  

This week’s ‘must-read’ on The Avast Blog

Adware is prevalent online, even at reputable stores like the Google Play Store. Learn more about adware apps found by Avast researchers and how to avoid downloading adware on your phone. 


Avast is a global leader in cybersecurity, protecting hundreds of millions of users around the world. Protect all your devices with our award-winning free antivirus. Safeguard your privacy and encrypt your online connection with SecureLine VPN. Get advertisers off your back and disguise your online identity for greater privacy with Avast AntiTrack.