According to Awake, the extensions are presented as tools which improve internet searches, convert files to various formats, scan for viruses and more.
In reality, however, the Chrome extensions contained code that allowed them to bypass the security scans of Google's Chrome Web Store, to pull screenshots, yes read their clipboard users, yes collect cookies or yes monitor user typing.
The common denominator in all Chrome extensions was Mission data user in domains registered through the GalComm domain registrar.
In addition, many extensions share them same graphics and code base, with minor changes. In some cases, the extensions had him as well same issue number And the same descriptions.
Awake says that by May 2020, when it contacted Google, the 111 malicious extensions had been installed 32.962.951 times.
According to Awake, some of these Chrome extensions have been found in networks "Financial services, oil and gas companies, media and entertainment companies, healthcare and pharmaceutical services, technology companies, higher education institutions and government agencies". It is said that the extensions worked as backdoors and tools espionage, although there is no evidence to support this.
Only 5 of Awake's 111 extensions reported to Google are still live on the Chrome Web Store.
As always in such cases, Google has disabled extensions from users' browsers. Extensions are still installed, but have been disabled and marked as "malware" in the Chrome Extensions section browser.
The users can visit the page chrome: // extensions to see if they have installed any of the malicious extensions.