Apr 14, 2026 • The Hacker News
108 Malicious Chrome Extensions Steal Google and Telegram Data, Affecting 20,000 Users
Executive Summary
Security researchers at Socket have identified a campaign involving 108 malicious Google Chrome extensions communicating with a unified command-and-control (C2) infrastructure. The extensions target approximately 20,000 users by collecting sensitive data and enabling browser-level abuse through ad injection and arbitrary JavaScript execution on visited websites. The coordinated nature of the campaign, evidenced by shared C2 infrastructure across all extensions, suggests organized threat actor activity. Organizations should immediately audit installed Chrome extensions, remove unverified or unnecessary add-ons, and educate users about the risks of installing extensions from untrusted sources. Users should verify extension publishers and review requested permissions before installation.
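One way to run the extension audit recommended above, as an added example that is not Socket's tooling or code from the original report: it reads each installed extension's `manifest.json` and flags those able to reach every site, the capability needed to inject script into every page visited. Broad access is a triage signal for manual review, not an indicator of this campaign, and the function names and sample manifest are constructed for illustration.

```python
import json
from pathlib import Path

# Chrome match patterns that cover every site.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# API permissions worth listing next to broad host access (reviewer context).
SENSITIVE = {"scripting", "cookies", "webRequest", "tabs", "declarativeNetRequest"}

def assess(manifest: dict) -> dict:
    """Summarise how widely one parsed manifest.json can reach."""
    perms = set()
    for key in ("permissions", "optional_permissions"):
        perms.update(p for p in manifest.get(key, []) if isinstance(p, str))
    hosts = set(manifest.get("host_permissions", []))  # Manifest V3
    hosts.update(manifest.get("optional_host_permissions", []))
    # Manifest V2 mixes host patterns into "permissions".
    hosts.update(p for p in perms if "://" in p or p == "<all_urls>")
    injected = {m for cs in manifest.get("content_scripts", [])
                for m in cs.get("matches", [])}
    return {
        "name": manifest.get("name", "?"),  # may be a __MSG_*__ locale key
        "broad_hosts": sorted(hosts & BROAD),
        "broad_content_scripts": sorted(injected & BROAD),
        "sensitive_apis": sorted(perms & SENSITIVE),
    }

def needs_review(finding: dict) -> bool:
    """True when the extension can read or script every page the user visits."""
    return bool(finding["broad_hosts"] or finding["broad_content_scripts"])

def audit_profile(extensions_dir) -> list:
    """Scan <profile>/Extensions/<id>/<version>/manifest.json; return flagged entries."""
    flagged = []
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        try:
            data = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or corrupt manifest: skip it, keep auditing
        if not isinstance(data, dict):
            continue
        finding = assess(data)
        if needs_review(finding):
            finding["id"] = path.parts[-3]  # directory name is the extension ID
            flagged.append(finding)
    return flagged

if __name__ == "__main__":
    # Constructed sample manifest, not taken from the campaign.
    sample = {"name": "Constructed Example", "manifest_version": 3,
              "permissions": ["scripting", "storage"], "host_permissions": ["<all_urls>"]}
    print(assess(sample))
```

Point `audit_profile` at the `Extensions` directory of a Chrome profile, then compare the returned IDs against the organization's approved list and the publisher shown in the Chrome Web Store.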
Summary
Cybersecurity researchers have discovered a new campaign in which a cluster of 108 Google Chrome extensions has been found to communicate with the same command-and-control (C2) infrastructure with the goal of collecting user data and enabling browser-level abuse by injecting ads and arbitrary JavaScript code into every web page visited. According to Socket, the extensions (complete list