The Awake Security Threat Research Team announced a massive global surveillance campaign that exploits Internet domain registration and browser capabilities to spy on and steal data from users across multiple geographies and industry segments. According to the research, the criminal activity is being abetted by a single Internet domain registrar: CommuniGal Communication, or GalComm for short. GalComm has enabled malicious activity that has been found across more than a hundred networks.
Awake Security also reported that the malicious activity stayed hidden by bypassing multiple layers of security controls. The research states that of the 26,079 reachable domains registered through GalComm, 15,160 domains, or almost 60%, are malicious or suspicious. These domains avoided being labeled as malicious by most security solutions, which allowed the campaign to go unnoticed. The company identified 111 malicious or fake Chrome extensions that use GalComm domains for attacker command-and-control infrastructure. These malicious extensions have been downloaded at least 32,962,951 times.