Google removes more than 70 malicious Add-Ons from the Chrome Web Store

Google has just announced that it has removed more than 70 extensions on the Chrome Web Store (Chrome Web Store).

Add-Ons, Extensions (also known as extensions) are applications that users install on the browser to support that browser. However, sometimes hackers also take advantage of these Add-Ons themselves to spread malware as well as perform malicious acts targeting internet users.

After receiving a series of detailed reports of malicious activities related to some Chrome extensions containing malicious code, Google has just announced that it has deleted more than 70 extensions on the Chrome Store Online (Chrome Web Store). These are all Add-Ons that are supposed to contain malicious code or stealthily perform malicious activities (according to the discovery of international security company Awake Security), with a total of 32 million downloads and installs by Google users all over the world.

Google removes more than 70 malicious Add-Ons from the Chrome Web Store Picture 1 Chrome Web Store

This fact partly shows the failure of technology in general and security in particular to protect users on browser platforms, which are increasingly used for sensitive work related to email, payroll, finance, and more.

Talking about the incident, Scott Westover, a spokesman for Google, said:

'After receiving a warning that some of the Chrome Web Store extensions violated the platform's privacy policy, we immediately took action at the highest level. Also learn from this incident to improve security tools and automated censorship on the platform. "

Most extensions are intended to alert users about malicious activity on websites or the behavior of converting files from one format to another. In fact, they are used to illegally access browser history and collect logins stored on the platform. Having 70 extensions removed at the same time shows the seriousness of Google, and this has become the largest malicious add-on purge campaign ever on the Chrome Web Store. However, it is still not clear what the agent behind the above malware distribution is.

Here is the list of ID and the name of the malicious add-on that has been removed:

acmnokigkgihogfbeooklgemindnbine
apgohnlmnmkblgfplgnlmkjcpocgfomp
apjnadhmhgdobcdanndaphcpmnjbnfng (ViewPDF)
bahkljhhdeciiaodlkppoonappfnheoi (Search Manager)
bannaglhmenocdjcmlkhkcciioaepfpj (PDF Opener)
bgffinjklipdhacmidehoncomokcmjmh (easyconvert)
bifdhahddjbdbjmiekcnmeiffabcfjgh
bjpknhldlbknoidifkjnnkpginjgkgnm (doctopdf)
blngdeeenccpfjbkolalandfmiinhkak (ByteFence Secure Browsing)
ccdfhjebekpopcelcfkpgagbehppkadi (ByteFence Secure Browsing)
cceejgojinihpakmciijfdgafhpchigo (theeasywaypro)
cebjhmljaodmgmcaecenghhikkjdfabo
chbpnonhcgdbcpicacolalkgjlcjkbbd (TheSecuredWeb)
cifafogcmckphmnbeipgkpfbjphmajbc
clopbiaijcfolfmjebjinippgmdkkppj (mydocstopdf)
cpgoblgcfemdmaolmfhpoifikehgbjbf
dcmjopnlojhkngkmagminjbiahokmfig
deiiiklocnibjflinkfmefpofgcfhdga
dipecofobdcjnpffbkmfkdbfmjfjfgmn
dopkmmcoegcjggfanajnindneifffpck
dopmojabcdlfbnppmjeaajclohofnbol
edcepmkpdojmciieeijebkodahjfliif
ekbecnhekcpbfgdchfjcfmnocdfpcanj
elflophcopcglipligoibfejllmndhmp
eogfeijdemimhpfhlpjoifeckijeejkc
fcobokliblbalmjmahdebcdalglnieii
fgafnjobnempajahhgebbbpkpegcdlbf
fgcomdacecoimaejookmlcfogngmfmli
fgmeppijnhhafacemgoocgelcflipnfd
fhanjgcjamaagccdkanegeefdpdkeban
flfkimeelfnpapcgmobfgfifhackkend
fmahbaepkpdimfcjpopjklankbbhdobk
foebfmkeamadbhjcdglihfijdaohomlm
fpngnlpmkfkhodklbljnncdcmkiopide
gdifegeihkihjbkkgdijkcpkjekoicbl
gfcmbgjehfhemioddkpcipehdfnjmief
gfdefkjpjdbiiclhimebabkmclmiiegk
ggijmaajgdkdijomfipnpdfijcnodpip
ghgjhnkjohlnmngbniijbkidigifekaa
gllihgnfnbpdmnppfjdlkciijkddfohn
gmmohhcojdhgbjjahhpkfhbapgcfgfne
gofhadkfcffpjdbonbladicjdbkpickk
hapicipmkalhnklammmfdblkngahelln
hijipblimhboccjcnnjnjelcdmceeafa
hmamdkecijcegebmhndhcihjjkndbjgk
hodfejbmfdhcgolcglcojkpfdjjdepji
hpfijbjnmddglpmogpaeofdbehkpball
ianfonfnhjeidghdegbkbbjgliiciiic
ibfjiddieiljjjccjemgnoopkpmpniej
inhdgbalcopmbpjfincjponejamhaeop
iondldgmpaoekbgabgconiajpbkebkin
ipagcbjbgailmjeaojmpiddflpbgjngl
jagbooldjnemiedoagckjomjegkopfno
jdheollkkpfglhohnpgkonecdealeebn
jfefcmidfkpncdkjkkghhmjkafanhiam
jfgkpeobcmjlocjpfgocelimhppdmigj
jghiljaagglmcdeopnjkfhcikjnddhhc
jgjakaebbliafihodjhpkpankimhckdf
jiiinmeiedloeiabcgkdcbbpfelmbaff
jkdngiblfdmfjhiahibnnhcjncehcgab
jkofpdjclecgjcfomkaajhhmmhnninia
kbdbmddhlgckaggdapibpihadohhelao
keceijnpfmmlnebgnkhojinbkopolaom
khhemdcdllgomlbleegjdpbeflgbomcj
kjdcopljcgiekkmjhinmcpioncofoclg
kjgaljeofmfgjfipajjeeflbknekghma
labpefoeghdmpbfijhnnejdmnjccgplc
lameokaalbmnhgapanlloeichlbjloak
lbeekfefglldjjenkaekhnogoplpmfin
lbhddhdfbcdcfbbbmimncbakkjobaedh
ldoiiiffclpggehajofeffljablcodif
lhjdepbplpkgmghgiphdjpnagpmhijbg
ljddilebjpmmomoppeemckhpilhmoaok
ljnfpiodfojmjfbiechgkbkhikfbknjc
lnedcnepmplnjmfdiclhbfhneconamoj
lnlkgfpceclfhomgocnnenmadlhanghf
loigeafmbglngofpkkddgobapkkcaena
lpajppfbbiafpmbeompbinpigbemekcg
majekhlfhmeeplofdolkddbecmgjgplm
mapafdeimlgplbahigmhneiibemhgcnc
mcfeaailfhmpdphgnheboncfiikfkenn
mgkjakldpclhkfadefnoncnjkiaffpkp
mhinpnedhapjlbgnhcifjdkklbeefbpa
mihiainclhehjnklijgpokdpldjmjdap
mmkakbkmcnchdopphcbphjioggaanmim
mopkkgobjofbkkgemcidkndbglkcfhjj
mpifmhgignilkmeckejgamolchmgfdom
nabmpeienmkmicpjckkgihobgleppbkc
nahhmpbckpgdidfnmfkfgiflpjijilce
ncepfbpjhkahgdemgmjmcgbgnfdinnhk
npaklgbiblcbpokaiddpmmbknncnbljb
npdfkclmbnoklkdebjfodpendkepbjek
nplenkhhmalidgamfdejkblbaihndkcm
oalfdomffplbcimjikgaklfamodahpmi
odnakbaioopckimfnkllgijmkikhfhhf
oklejhdbgggnfaggiidiaokelehcfjdp
omgeapkgiddakeoklcapboapbamdgmhp
oonbcpdabjcggcklopgbdagbfnkhbgbe
opahibnipmkjincplepgjiiinbfmppmh
pamchlfnkebmjbfbknoclehcpfclbhpl
pcfapghfanllmbdfiipeiihpkojekckk
pchfjdkempbhcjdifpfphmgdmnmadgce (EasyConvert)
pdpcpceofkopegffcdnffeenbfdldock
pgahbiaijngfmbbijfgmchcnkipajgha
pidohlmjfgjbafgfleommlolmbjdcpal
pilplloabdedfmialnfchjomjmpjcoej
pklmnoldkkoholegljdkibjjhmegpjep
pknkncdfjlncijifekldbjmeaiakdbof
plmgefkiicjfchonlmnbabfebpnpckkk
pnciakodcdnehobpfcjcnnlcpmjlpkac
ponodoigcmkglddlljanchegmkgkhmgb

You can view the detailed report here if needed:

https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-in-store-extensions.txt

Isabella Humphrey

Update 21 June 2020

Google removes more than 70 malicious Add-Ons from the Chrome Web Store

You should read it

Maybe you are interested

More than 200 apps containing malicious code were discovered and downloaded millions of times on the Google Play Store.

Detection of malicious code infecting the web browsers of 300,000 PCs, silently stealing user data

The App Store was tricked into approving malicious apps

Google Chrome will warn users about password-protected malicious archive files

All VSCode users need to be wary of malicious extensions!

What are malicious apps? How dangerous are they?

Tech info