One of the main selling points for Google’s Chrome browser is the ability to customize it to perform different tasks according to your individual needs. Need a handy PDF maker or file converter, want to match a color from a website, or just turn that New Tab into a convenient notepad? There’s an Chrome extension for that, as well as a wide selection to integrate other products you’re already using, like MS Office or Evernote. Customizing Chrome is as easy as adding apps to your phone.

As with all conveniences, though, there’s a dark side and some bad actors. Google just removed 106 extensions from its web store after discovering they were illegally collecting user data. According to Google, this was part of a “massive global surveillance campaign” specifically aimed at industries including healthcare, finance and petroleum. How massive? 33 million downloads of these extensions alone.

Besides loading malware, these add-ons were taking screenshots of victims’ devices, reading the clipboard and harvesting user input. Worse still, they were able to game Google’s system to appear legitimate by faking thousands of good reviews in the Google Play store. This on the heels of another 500 extensions removed by the Big G in February of this year for serving up adware, among other sins.

So if malware can be made to look legitimate, how can you tell a good extension from a bad one? Look for extensions with a track record over time, and look for “best of” roundups on sites outside the Google Play store. Neither is foolproof, but it’s a start.

It’s also a good idea to look at any extensions you’re already installed and get rid of those you don’t use regularly. In your Chrome browser’s address bar, type chrome://extensions to see a list, and uninstall any you’re not using.

Questions about cybersecurity or other business IT issues? Contact Hill Tech Solutions.