Google has removed 111 fraudulent extensions from the Chrome Web Store from 33 million downloads that were malicious, although they promised improvements to protect users’ personal data during the browsing experience. However, some researchers found that plugins did the exact opposite.

According to what was stated, these were add-ons developed by a single developer (as confirmed also by the references in the source code) that they stole authentication cookies, recorded the letters typed on the keyboard, captured screenshots and also read the contents of the clipboard, unbeknownst to users.

The complete list has not been released, but the particularly interesting and at the same time worrying aspect is represented by the number of downloads. The investigations conducted by the researchers led to the discovery of one network characterized by 15 thousand domains that had been created ad hoc to prevent Google’s system and antiviruses from recognizing extensions as malware or viruses.

It is unclear who is behind these extensions, but Awake Security claims that it is the most major malware campaign against the Chrome Web Store among those registered to date. The researchers warned the search engine last month and immediately started removing them.

For Chrome, this is another good news, after yesterday’s one on the lower RAM consumption on Windows 10.