Awake Security reported it found at least 111 "malicious or fake" Chrome extensions capable of taking screenshots, stealing login credentials and capturing passwords as users typed them. The campaign impacted a wide range of sectors including financial services, healthcare and government organizations. Awake linked the spyware to Galcomm, an Israeli web-hosting company that claims to manage around 250,000 browser domains. The company refuted parts of Awake's report, saying 25% of the domains Awake claimed to have checked were not Galcomm domains or had been deleted, but said little about the other 75%. Google says all the extensions flagged by Awake have since been removed. -GEG

Google Chrome extensions downloaded more than 32 million times were used to spy on the popular browser's users in a massive global surveillance campaign, according to a new report.