It had over 32 million downloads.

It disguised itself as file transfers or protection against strange websites, but was actually used to download browsing history and retrieve login information - via screenshots, reading the clipboard, collecting cookies and URL parameters, as well as a keyboard entry. In addition, the issue of the role of the GalComm domain registrar, through which attackers had registered thousands of domains, is debatable in the case. Of the 26,079 domains with this registrar, almost 60 percent are malicious or suspicious. See Google removes malicious browser add-ons from the Chrome Web Store after 32 million downloads, and more specifically in Discovery of a Massive, Criminal Surveillance Campaign.