The New Rootkit: How Malicious Chrome Extensions Enabled a Global Surveillance Campaign

  • Wednesday, 24 Jun 2020 2:00PM EDT (24 Jun 2020 18:00 UTC)
  • Speaker: Gary Golomb

Much of our personal and professional digital lives are today spent in a browser. Whether checking your email or social networks, connecting into work or school, managing customer relationships or employees, or managing IT and security infrastructure itself--it all happens through the browser. It is no surprise then that attackers have recognized that the crown jewels of organizations are accessible through the browser, and easily, we might add. Browser extensions sit "passively" in there but can do everything from logging your keystrokes and taking screenshots of your desktop to stealing authentication tokens and cookies. This information can then be used to build a digital profile of you and your organization--something that is useful to an entire spectrum of advertisers, cyber criminals and nation states.

Over months of research Awake uncovered a campaign that has used hundreds of malicious Chrome Extensions to perform surveillance at a massive scale. The research shows that this criminal activity is being abetted by a single Internet Domain Registrar: CommuniGal Communication Ltd. (GalComm). If you thought Cambridge Analytica was dangerous because it used your Facebook data, imagine how much more data is available when all your browser activity is being monitored!

Join this webinar to:

  • Learn details on this campaign, how it stayed under the radar for so long and where the investigative trail leads
  • Explore case studies of the campaign that show how Chrome extensions were used for malicious purposes, data mining and stealing intellectual property
  • Discuss threat hunting and mitigation techniques to help you manage risk, especially in light of the fact that these extensions bypassed existing security controls such as endpoint detection and response as well as web proxies