Behind an entire catalogue of malicious Chrome extensions? Allegedly, a domain registrar

A security company has accused an Israeli domain registrar of registering thousands of malicious domains powering Chrome malware

Ax Sharma
Jun 26, 2020

Originally published at https://securityreport.com on June 26, 2020.

It is not unusual for malware to use malicious C&C servers and domains. However, what we learn this week is something entirely different: more sinister, and operating at a much larger scale.

In a report published by the Awake Security Threat Research Team this week, we learn of an internet domain registrar where almost 60% of the domain registrations it has enabled are for malicious domains!

The Israeli company, CommuniGal Communication Ltd. (aka GalComm), continues to run its operations today.

“Of the 26,079 reachable domains registered through GalComm, 15,160 domains, or almost 60%, are malicious or suspicious: hosting a variety of traditional malware and browser-based surveillance tools.”

Awake Security has stated that some evasion techniques were at play that let the malicious domains slip past most security controls and detection tools.
