On Thursday, Google removed over 100 Chrome browser extensions that it found to be malicious, after reports that they were being used to siphon sensitive user data. Google also published the research behind the apps, in which Awake Security alleges millions of Chrome users have been targeted by threat actors. The attackers use malicious Chrome extensions to steal data and to create persistent footholds on corporate networks to further compromise their systems.

Google found that 106 Trojan Chrome browser extensions were spying on users and targeting the networks of financial services, oil, gas, media, entertainment, healthcare, and pharmaceuticals. Google stated that it took action to remove malicious apps as soon as possible after receiving the feedback from Awake Security. Awake Security estimated that, in total, the now-removed extensions were downloaded 32 million times.