Apr 15, 2026 • Ionut Arghire
100 Chrome Extensions Steal User Data, Create Backdoor
Executive Summary
Security researchers have identified approximately 100 malicious Google Chrome extensions that were published through five separate developer accounts as part of a coordinated campaign. These extensions were designed to steal user data and establish backdoors on compromised systems. The campaign's sophistication is evidenced by shared command-and-control (C&C) infrastructure across all 100 extensions, suggesting a well-organized threat operation. Users who installed these extensions unknowingly exposed their personal data, browsing activity, and potentially sensitive credentials to threat actors. Organizations should immediately audit their browser extension inventories, remove any unapproved or suspicious extensions, and implement controls limiting which extensions employees can install. Using endpoint protection solutions that monitor browser extension behavior can help detect similar threats in the future.
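One way to start the extension inventory audit recommended above, as an added example that is not part of the original article. It assumes the usual Chrome profile layout `Extensions/<extension id>/<version>/manifest.json`; the allowlist, the `BROAD` permission set and the sample extension IDs are constructed for illustration.

```python
import json, tempfile
from pathlib import Path

# Review heuristic assumed for this example: permissions and match patterns
# that expose browsing data broadly. A hit means "look closer", not "malicious".
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*",
         "cookies", "webRequest", "tabs", "history", "scripting"}

def audit_extensions(ext_root, approved_ids):
    """Report every installed extension whose ID is not on the allowlist."""
    findings = []
    for path in sorted(Path(ext_root).glob("*/*/manifest.json")):
        ext_id, version_dir = path.parts[-3], path.parts[-2]
        if ext_id in approved_ids:
            continue
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            manifest = {}  # unreadable manifest: still report the unapproved ID
        requested = set()
        for key in ("permissions", "optional_permissions", "host_permissions"):
            requested.update(p for p in manifest.get(key, []) if isinstance(p, str))
        for script in manifest.get("content_scripts", []):
            requested.update(script.get("matches", []))
        findings.append({"id": ext_id, "version_dir": version_dir,
                         "name": manifest.get("name"),  # may be a __MSG_*__ locale key
                         "broad": sorted(requested & BROAD)})
    return findings

def build_sample_profile():
    """Constructed sample data: two fake extensions with made-up IDs."""
    root = Path(tempfile.mkdtemp()) / "Extensions"
    samples = {
        "a" * 32: {"name": "Approved Notes", "manifest_version": 3,
                   "permissions": ["storage"]},
        "b" * 32: {"name": "Free Tab Themes", "manifest_version": 3,
                   "permissions": ["cookies", "storage"],
                   "host_permissions": ["<all_urls>"]},
    }
    for ext_id, manifest in samples.items():
        version = root / ext_id / "1.0.0_0"
        version.mkdir(parents=True)
        (version / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    return root

if __name__ == "__main__":
    for finding in audit_extensions(build_sample_profile(), {"a" * 32}):
        print(finding)
```

Pointing `audit_extensions` at each user profile's `Extensions` directory yields the list of unapproved extension IDs to review or remove; the `broad` field helps prioritise which ones to look at first.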
Summary
Published through five accounts, the extensions appear to be part of a coordinated campaign, based on their shared C&C infrastructure. The post 100 Chrome Extensions Steal User Data, Create Backdoor appeared first on SecurityWeek.