108 Malicious Chrome Extensions Found Stealing User Data, Raises Browsing Security Concerns

Security researchers have uncovered over 100 malicious Chrome extensions in the Chrome Web Store, posing a significant threat to user privacy. These extensions, which include gaming tools, translation services, and social media enhancers, were designed to steal personal information without detection.

At least 54 of these extensions collected emails, profile details, and Google account identifiers. Others intercepted authentication tokens that could allow attackers to access accounts without passwords. The most concerning discovery was the presence of extensions targeting Telegram users, which extracted Telegram Web session data every 15 seconds, providing continuous access to private conversations.

Additionally, dozens of extensions installed dangerous software onto websites while changing browser protection features and redirecting users to undesired material. The infected devices contained 45 backdoor functions that allowed operators to control the system and access any website through remote commands.

The investigation traced these extensions back to a single command-and-control infrastructure, functioning as a Russian malware-as-a-service operation. Despite takedown requests, the flagged extensions remain operational in the store. Users are advised to check their installed extensions and remove any unknown ones while granting only necessary permissions.