Researchers at Awake Security, a company specialized in information security, told Reuters that they have discovered a spy campaign that targeted users of the Chrome browser by downloading harmful add-ons to the most popular browser, highlighting the failure of the technology industry to protect browsers as it is used more for email penetration. And other sensitive information.

Google, owner of the search engine, Alphabet, said it had removed more than 70 harmful add-ons from the official Chrome Web Store after researchers alerted them last month, and 32 million downloads of harmful add-ons to Google's Chrome web browser were detected.

Most free add-ons deceive users by claiming they are programs that detect suspicious websites, and some claim they are programs that convert files from one format to another. But it browses the sites the user is browsing, his email and private data such as passwords and user names of some internal programs.

"When we are alerted about extensions in the online market that violate our policies, we take action, and we use these incidents as training materials to improve machine and manual analytics," Google spokesman Scott Westover told Reuters.

Google declined to discuss the extent of the harm this campaign compared to previous campaigns, or why it did not discover these bad additions on its own despite previous promises to closely oversee this type of program.

Based on the number of downloads, this campaign has been the most damaging to Chrome store so far, according to AWAC founder and chief scientist Gay Golomb.

The latest spy campaign targeted users to Chrome by downloading harmful add-ons (Anatolia)

The researchers found that if someone uses web surfing on a home computer, they will connect to a series of websites and pass on information. A corporate network, which may include security services, cannot be used to access sensitive information or even to access harmful versions of websites.

It is unclear who was behind the malware distribution efforts. Oak said that the developers provided false contact information when they sent the extensions to Google.

"Anything that takes you to a person's browser, email, or other sensitive areas will be the target of national espionage and organized crime," said Ben Johnson, a former National Security Agency engineer who founded the security companies Carbon Black and Obsidian Sign.

Golomb returned to indicate that the plugins were designed to avoid being detected by anti-virus companies or security software that assesses the reputation of web domains.

"This shows how attackers can use very simple methods to hide thousands of malicious fields in this case," he added.

Malware developers have long been using Google Chrome Store. There is one in ten harmful downloads on this channel, despite Google’s pledge in 2018 that it will improve security on its browser by increasing human review of additional applications downloaded to the browser.