Get an iPad mini, ASUS ZenScreen LED Monitor, or $350 Off with OnDemand Training thru 5/19


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

The New Rootkit: How Malicious Chrome Extensions Enabled a Global Surveillance Campaign

  • Wednesday, June 24, 2020 at 2:00 PM EDT (2020-06-24 18:00:00 UTC)
  • Gary Golomb


  • Awake Security

You can now attend the webcast using your mobile device!



Much of our personal and professional digital lives are today spent in a browser. Whether checking your email or social networks, connecting into work or school, managing customer relationships or employees as well as managing IT and security infrastructure itself--it all happens through the browser. It is no surprise then that attackers have recognized that crown-jewels for organizations are accessible through the browser, and easily we might add. Browser extensions sit "passively" in there but can do everything from logging your keystrokes, taking screenshots of your desktop, to stealing authentication tokens and cookies. This information can then be used to build a digital profile of you and your organization--something that is useful to an entire spectrum of advertisers, cyber criminals and nation states.

Over months of research Awake uncovered a campaign that has used hundreds of malicious Chrome Extensions to perform surveillance at a massive scale. The research shows that this criminal activity is being abetted by a single Internet Domain Registrar: CommuniGal Communication Ltd. (GalComm). If you thought Cambridge Analytica was dangerous because it used your Facebook data, imagine how much more data is available when all your browser activity is being monitored!

Join this webinar to:

  • Learn details on this campaign, how it stayed under the radar for so long and where the investigative trail leads to
  • Explore case studies of the campaign that show how Chrome extensions were used for malicious purposes, data mining and stealing intellectual property
  • Discuss threat hunting and mitigation techniques to help you manage risk especially in light of the fact that these Extensions bypassed existing security controls such as endpoint detection and response as well as web proxies

Speaker Bio

Gary Golomb

Chief Scientist & Co-Founder, Awake Security; heads up security research at Awake. He has nearly two decades of experience in threat analysis and has led investigations and containment efforts in a number of notable cases. With this experience - and a track record of researching and teaching state-of-the art detection and response methodologies - Gary is focused on helping Awake improve security craft as the company's chief research officer. Prior to Awake, Gary was one of the first employees at Cylance. He was also a co-founder of Proventsure, which was acquired by NetWitness and ultimately by RSA. He served in the United States Marines 2nd Force Reconnaissance Company.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.