Nearly 80 Chrome Extensions Caught Spying - How to Protect Yourself


More than 100 malicious fake Google Chrome browser extensions have been downloaded a total of nearly 33 million times, according to a study by security firm Awake.

Security researchers discovered 111 malicious extensions, downloaded by Google Chrome browser users, that spread dangerous spyware.

Reuters reported that these extensions claimed to warn of dangerous websites and change file formats, but were actually malicious.

Some of the extensions did not appear in the Chrome Web Store and instead installed the Chromium open source version of Chrome, which could run without Google's approval, according to Awake's full report.

Awake said the extensions were able to, among other malicious operations, take screenshots of victims' devices, load malware, read clipboards, and harvest tokens and user input.

The company also found that attackers were able to use the infrastructure of 15,160 malicious or suspicious domains to bypass sandboxes, endpoint detection and response solutions, and web proxies.

The cybercriminals purchased the domain names from GalComm, an Israel-based domain registrar; GalComm's owner told Reuters that he had no knowledge of the company being used as part of a malicious campaign.

However, the Awake report stated that nearly 60% of the GalComm registered domains that Awake researchers were able to reach were "malicious or suspicious." It added that "GalComm is at best complicit in malicious activity."

Awake co-founder and chief scientist Gary Golomb suggested that this is the most widespread malicious campaign found in the Google Chrome store.

The researcher told Reuters that attackers used fake contact information when applying for extensions to be published on the Chrome Web Store, although it is not certain who is behind the attack.

Last month, Google removed 79 extensions after learning of the malicious ones. Scott Westover, a spokesman for the tech giant, told Reuters: "When we are alerted about web store extensions that violate our policies, we take action and use those incidents as training material to improve our automated and manual analysis."

"Rogue extensions usually require permissions that allow further access to data on the machine that users must be alerted to," ESET security specialist Jake Moore told Tom's Guide.

"It is important to check what permissions browser extensions require, especially if they are free, as some can be harmful. Just like downloading anything to your device, Google cannot independently verify each extension, so it's always a good idea to be wary of add-ons."

If you have a Chrome browser extension installed but do not need it now, you can always go to chrome://extensions/ and disable it without removing it. (Doing so will make Chrome run faster and free up memory on your computer.)

Less interestingly, here is a complete list of extension IDs for all 111 malicious Chrome (and Chromium) extensions that Awake has discovered.

Unfortunately, you will need to check manually whether the extensions you have added to Chrome are on this list.

Right-click or control-click on the icon of a running extension in the upper right corner of your browser and select "Manage Extensions." A new tab will open describing the extension, and something like "chrome://extensions/?id=oiigbmnaadbkfbmpbfijlflahbdbdgdf" will appear in the tab's address bar.

This long string of gibberish is the 32-character extension ID. Compare each extension's ID to the list below, and if any match, remove that extension.
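The manual comparison described above can be scripted. The following is an added example, not code from Awake, Google or the original article: it assumes the flagged IDs have been saved to a text file, and it relies on Chrome keeping each store-installed extension in a folder named after its ID under `<user data dir>/<profile>/Extensions/`. The function names are illustrative.

```python
"""Compare installed Chrome/Chromium extension IDs against a list of flagged IDs."""
import re
import sys
from pathlib import Path

# An extension ID is exactly 32 characters drawn from the letters a-p.
ID_RE = re.compile(r"\b[a-p]{32}\b")


def parse_id_list(text):
    """Pull extension IDs out of free-form text (bare IDs, URLs, report excerpts)."""
    return set(ID_RE.findall(text.lower()))


def installed_extensions(user_data_dir):
    """Map each installed extension ID to the profile folders that contain it.

    Typical user data dirs: ~/.config/google-chrome (Linux),
    ~/Library/Application Support/Google/Chrome (macOS),
    %LOCALAPPDATA%\\Google\\Chrome\\User Data (Windows).
    Unpacked developer-mode extensions live elsewhere and are not seen here.
    """
    found = {}
    for ext_dir in Path(user_data_dir).glob("*/Extensions/*"):
        # Skip helper folders such as "Temp" that are not extension IDs.
        if ext_dir.is_dir() and ID_RE.fullmatch(ext_dir.name):
            found.setdefault(ext_dir.name, []).append(ext_dir.parent.parent.name)
    return found


def flagged_extensions(user_data_dir, id_list_text):
    """Return {extension_id: [profiles]} for installed IDs that are on the list."""
    flagged = parse_id_list(id_list_text)
    installed = installed_extensions(user_data_dir)
    return {i: sorted(p) for i, p in installed.items() if i in flagged}


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: check_extensions.py <chrome user data dir> <flagged id file>")
    hits = flagged_extensions(sys.argv[1], Path(sys.argv[2]).read_text())
    for ext_id, profiles in sorted(hits.items()):
        print(f"FLAGGED {ext_id} in profile(s): {', '.join(profiles)}")
    if not hits:
        print("No installed extension matches the list.")
    sys.exit(1 if hits else 0)
```

A match means the extension should be removed from every profile listed; a clean result only covers the profiles under the directory that was scanned.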
