Apr 14, 2026 • The Hacker News
108 Malicious Chrome Extensions Steal Google and Telegram Data, Affecting 20,000 Users
Executive Summary
Security researchers from Socket have identified a campaign involving 108 malicious Google Chrome extensions communicating with a shared command-and-control (C2) infrastructure. The extensions, which have been downloaded by approximately 20,000 users, are designed to harvest user credentials and sensitive data while enabling browser-level abuse through ad injection and arbitrary JavaScript execution on all visited web pages. This supply chain attack exploits the trust users place in browser extensions from the Chrome Web Store. Organizations should immediately audit installed browser extensions, remove any untrusted or unnecessary add-ons, and educate users about the risks associated with installing extensions from unofficial sources. Security teams should monitor for suspicious network communications and unusual browser behavior.
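An added example (not from Socket or the original article) of the extension audit recommended above: it scans a Chrome profile's Extensions directory and flags manifests that request access to all sites, which is the access an extension needs to run script on every page visited. The match-pattern list, function names and sample manifests are assumptions constructed for illustration; the article itself lists no extension IDs.

```python
import json
import tempfile
from pathlib import Path

BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}  # cover every site

def _strings(value):
    return {v for v in value or [] if isinstance(v, str)}

def broad_access(manifest):
    """Return the reasons a manifest lets extension code run on all pages."""
    reasons = []
    # MV3 lists hosts in host_permissions; MV2 mixes them into permissions.
    granted = _strings(manifest.get("host_permissions")) | _strings(manifest.get("permissions"))
    if granted & BROAD:
        reasons.append("host access to all sites")
    if any(_strings(s.get("matches")) & BROAD for s in manifest.get("content_scripts") or []):
        reasons.append("content script on all sites")
    return reasons

def audit_extensions(ext_root):
    """Map extension ID -> reasons; layout is Extensions/<id>/<version>/manifest.json."""
    findings = {}
    for path in sorted(Path(ext_root).glob("*/*/manifest.json")):
        try:
            reasons = broad_access(json.loads(path.read_text(encoding="utf-8-sig")))
        except (OSError, ValueError, AttributeError):
            reasons = ["unreadable manifest"]  # review by hand rather than skip
        if reasons:
            findings[path.parent.parent.name] = reasons
    return findings

def demo():
    """Audit three constructed manifests (IDs and contents are made up)."""
    samples = {
        "a" * 32: {"host_permissions": ["<all_urls>"], "content_scripts": [{"matches": ["<all_urls>"]}]},
        "b" * 32: {"permissions": ["storage"], "host_permissions": ["https://example.com/*"]},
        "c" * 32: {"manifest_version": 2, "permissions": ["tabs", "*://*/*"]},
    }
    with tempfile.TemporaryDirectory() as tmp:
        for ext_id, manifest in samples.items():
            version_dir = Path(tmp) / ext_id / "1.0_0"
            version_dir.mkdir(parents=True)
            (version_dir / "manifest.json").write_text(json.dumps(manifest))
        return audit_extensions(tmp)

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

A flagged extension is a candidate for review, not a verdict: many legitimate extensions also request all-site access, so compare the output against what each add-on actually needs.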
Summary
Cybersecurity researchers have discovered a new campaign in which a cluster of 108 Google Chrome extensions has been found to communicate with the same command-and-control (C2) infrastructure with the goal of collecting user data and enabling browser-level abuse by injecting ads and arbitrary JavaScript code into every web page visited. According to Socket, the extensions are published