OVER 100 MALICIOUS CHROME EXTENSIONS STEAL USER DATA
INDUSTRY DESK | TUE, APR 14, 2026
■ AI-SUMMARIZED FROM 1 SOURCE BELOW
More than 100 malicious extensions discovered in Google's official Chrome Web Store are targeting user accounts and data. The extensions attempt to steal Google OAuth2 Bearer tokens, deploy backdoors, and execute ad fraud schemes.
Security researchers identified over 100 extensions in the Chrome Web Store engaged in coordinated attacks against users. The malicious software employs multiple tactics to compromise user security and privacy.
The primary threat involves harvesting Google OAuth2 Bearer tokens, authentication credentials that grant access to Google accounts and associated services. Attackers obtaining these tokens can impersonate users and access sensitive data across Google's ecosystem, including Gmail, Drive, and other connected applications.
Beyond token theft, the extensions deploy backdoors—hidden access points that allow attackers to execute commands on infected systems. This capability enables attackers to install additional malware, monitor user activity, or maintain persistent access to compromised devices.
The extensions also participate in ad fraud schemes, generating fake clicks and impressions to steal advertising revenue. This activity inflates metrics for fraudulent ad networks while potentially exposing users to malicious advertisements.
The discovery highlights a significant gap in the Chrome Web Store's vetting process. Despite Google's automated scanning systems, the malicious extensions evaded detection and accumulated substantial user bases before being identified. The presence of over 100 extensions suggests a coordinated campaign rather than isolated malicious uploads.
Google has removed the identified extensions from the Web Store. However, any users who installed them remain at risk unless they uninstall the software and change their passwords.
Users should audit their installed extensions and remove unfamiliar or unnecessary ones. Pay particular attention to extensions requesting broad permissions or unusual access to account data. Review connected apps and services on your Google Account settings page, revoking access for anything unfamiliar.
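The extension audit described above can be scripted. The following is an added example, not code from the article or its source. It assumes Chrome's on-disk layout of `Extensions/<id>/<version>/manifest.json` inside a profile folder; the function names, the choice of which permissions count as sensitive, and the two sample manifests are constructed for illustration.

```python
import json
import tempfile
from pathlib import Path

# "identity" exposes chrome.identity, the API that issues Google OAuth2 tokens.
SENSITIVE_APIS = {"identity", "cookies", "webRequest", "scripting", "debugger", "tabs"}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def audit_manifest(manifest):
    """Return the broad grants one manifest.json declares (MV2 and MV3 keys)."""
    declared = set()
    for key, value in manifest.items():
        if key.endswith("permissions"):  # permissions, host_permissions, optional_*
            declared.update(p for p in value if isinstance(p, str))
    for script in manifest.get("content_scripts", []):
        declared.update(script.get("matches", []))
    return {"apis": sorted(declared & SENSITIVE_APIS),
            "broad_hosts": sorted(declared & BROAD_HOSTS),
            "oauth_scopes": sorted(manifest.get("oauth2", {}).get("scopes", []))}

def audit_extensions(extensions_dir):
    """Scan <extensions_dir>/<id>/<version>/manifest.json; return flagged extensions."""
    findings = []
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
            grants = audit_manifest(manifest)
        except (OSError, ValueError, AttributeError, TypeError):
            manifest, grants = {}, {"error": "unreadable manifest"}
        if any(grants.values()):
            findings.append({"id": path.parts[-3], "name": manifest.get("name"), **grants})
    return findings

def demo():
    samples = {  # constructed ids and manifests, not real extensions
        "a" * 32: {"name": "Tab Helper", "permissions": ["identity", "cookies"],
                   "host_permissions": ["<all_urls>"],
                   "oauth2": {"client_id": "PLACEHOLDER", "scopes": ["https://mail.google.com/"]}},
        "b" * 32: {"name": "Dark Mode", "permissions": ["storage"],
                   "host_permissions": ["https://example.com/*"]},
    }
    with tempfile.TemporaryDirectory() as root:
        for ext_id, manifest in samples.items():
            Path(root, ext_id, "1.0.0").mkdir(parents=True)
            Path(root, ext_id, "1.0.0", "manifest.json").write_text(json.dumps(manifest))
        return audit_extensions(root)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Point `audit_extensions` at the `Extensions` folder of a Chrome profile to get a shortlist for manual review. A flagged extension is not necessarily malicious, since many legitimate extensions need these grants.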
This incident underscores the ongoing risks posed by browser extensions. While legitimate extensions enhance browser functionality, the platform's accessibility makes it a target for attackers. Users should download extensions only from trusted developers and review permissions carefully before installation.