“The Awake Security Threat Research Team has uncovered a massive global surveillance campaign exploiting the nature of Internet domain registration and browser capabilities to spy on and steal data from users across multiple geographies and industry segments. If anything, the severity of this threat is magnified by the fact that it is blatant and non-targeted—i.e. an equal opportunity spying effort.”
The cybersecurity firm Awake specifically identified the Google Chrome browser and domain registrar GalComm as being connected to this threat. Awake Security says that they have “more than 200 enterprise security teams” and that the operation is backed by “Greylock Partners and Bain Capital Ventures.” Private equity firm Bain has purportedly been involved at times in the manufactured housing industry, along with numerous others.
Google has reportedly acknowledged the problem and says they have been addressing it, according to CNN Business.
“We appreciate the work of the research community, and when we are alerted of extensions … that violate our policies, we take action and use those incidents as training material to improve our automated and manual analyses,” Google spokesperson Scott Westover said in a statement provided to CNN Business. “We do regular sweeps to find extensions using similar techniques, code, and behaviors, and take down those extensions if they violate our policies.” That later statement from Google, of course, begs the question – if they are doing regular sweeps, why did Awake find such massive problems with their browser’s security?
Odds are good that one or more of your devices uses the Google Chrome web browser.
According to tech-focused ZDNET, “in early March 2020, we know that the top web browser for the last three months — with 4.02 billion visits counted — was, drum-roll please, Google Chrome. While not as dominant as Internet Explorer (IE) once was — in 2002 IE owned the field with 96% market share — with 49.3% Chrome is well ahead of Apple Safari, with its 31.6%” market share. “In third place, and steadily declining, you’ll find the once-mighty IE with 5.7%.” ZDNet said that the “Firefox [browser] is declining into irrelevance.”
It should be kept in mind that Awake, which generated 30+ pages of research obtained by MHProNews found at this link here, is not only reporting, but is indirectly selling its services for threat cyberthreat detection. That noted, the fact that Google acknowledged the problem, and CNN Business along with others are reporting it, makes the concerns raised worthy of attention. Awake’s intro video is below.
The Toplines – What Awake Security Found
According to Awake:
- “Of the 26,079 reachable domains registered through GalComm, 15,160 domains, or almost 60%, are malicious or suspicious: hosting a variety of traditional malware and browser-based surveillance tools. Through a variety of evasion techniques, these domains have avoided being labeled as malicious by most security solutions and have thus allowed this campaign to go unnoticed. A tab-separated (TSV) list of these domains can be found here.” Notice: MHProNews and our affiliates use other domain registrars, and our domains are not on their list.
- “In the past three months alone, we have harvested 111 malicious or fake [Google] Chrome extensions using GalComm domains for attacker command and control infrastructure and/or as loader pages for the extensions. These extensions can take screenshots, read the clipboard, harvest credential tokens stored in cookies or parameters, grab user keystrokes (like passwords),
- To date, there have been at least 32,962,951 downloads of these malicious extensions—and this only accounts for the extensions that were live in the Chrome Web Store as of May 2020. For context, very few extensions have been downloaded more than 10 million times. A TSV list of IDs for these malicious Chrome extensions can be found here. A second TSV list including the IDs and names of just those extensions that were in the Chrome Web Store is available here. Awake has since worked with Google to take down these extensions from the Chrome Web Store.
- After analyzing more than 100 networks across financial services, oil and gas, media and entertainment, healthcare and pharmaceuticals, retail, high-tech, higher education and government organizations, Awake discovered that the actors behind these activities have established a persistent foothold in almost every network.
- Trust in the Internet and its infrastructure is critical. Exploiting key components of this infrastructure – domain registration, browsers, etc., shakes the foundation of trust and represents a risk to organizations and consumers alike. The research shows three critical areas of fragility with the Internet that are being exploited to passively, but maliciously surveil users…”
It would be the unusual for most professionals working in our industry not to be online several times during the course of a day. Given that almost half of all browsers are reportedly operating on Google’s Chrome platform, this alert for our readers merits serious attention.
The threat of secret screen captures, as Awake reports, could mean that banking, credit card, internet, and other accounts could be accessed by the purported criminal scheme. That makes the threat serious to severe.
MHProNews has periodically shared such alerts on malware, scams, and other schemes as a service to our readers.
MHProNews has organized relevant data beyond what Awake and CNN’s report provided to clarify the breadth of the concerns and risks. So, as this goes well beyond business threats to personal accounts, this is a report you may want to share with family and friends.
Programming note. MHProNews is in the process of revamping our industry-leading x2 weekly emailed headline news updates. The revisions should be completed by late June or early July. Watch for it.
First time visitors? See the recent reports following the byline and notices for more.
That’s a wrap on this installment of “Industry News, Tips, and Views Pros Can Use” © where “We Provide, You Decide.” © ## (Affordable housing, manufactured homes, reports, fact-checks, analysis, and commentary. Third-party images or content are provided under fair use guidelines for media.) (See Related Reports, further below. Text/image boxes often are hot-linked to other reports that can be access by clicking on them.)
By L.A. “Tony” Kovach – for MHLivingNews.com.
Tony earned a journalism scholarship and earned numerous awards in history and in manufactured housing. For example, he earned the prestigious Lottinville Award in history from the University of Oklahoma, where he studied history and business management. He’s a managing member and co-founder of LifeStyle Factory Homes, LLC, the parent company to MHProNews, and MHLivingNews.com. This article reflects the LLC’s and/or the writer’s position, and may or may not reflect the views of sponsors or supporters.
Connect on LinkedIn: http://www.linkedin.com/in/latonykovach
The text/image boxes below are linked to other reports, which can be accessed by clicking on them.