Google Chrome Extensions and Communigal Communication Ltd. (Galcomm) domains have been exploited in a campaign that aims to track users' activities and data.
Awake Security found 111 malicious or fake Chrome extensions in the last three months that used Galcomm domains as command-and-control (C&C) infrastructure. These malicious extensions have been downloaded at least 32 million times. The campaign used nearly 15,160 Galcomm-registered domains to host malware and browser-based monitoring tools. That is almost 60% of the domains that can be reached with this registrar.
Galcomm affirms that it is not involved. The attacks successfully evaded detection by sandboxes, endpoint security solutions, domain reputation services, and other controls. The financial, oil and gas, media, retail, education, and government sectors were affected.
More about this at trendmicro.de