Ethical Hacking News
Researchers at Socket have uncovered a coordinated campaign of 108 malicious Google Chrome extensions that steal sensitive data from roughly 20,000 users. The incident underlines the need for stronger browser security controls and for user vigilance about the extensions they install.
Socket's researchers found a cluster of 108 malicious Google Chrome extensions communicating with a single C2 infrastructure. The extensions, which together had over 20,000 installs, stole data from approximately 20,000 users. Of the 108, 54 stole Google account identities via OAuth2, while 45 contained universal backdoors that opened arbitrary URLs. Users are advised to remove the malicious extensions immediately and log out of Telegram Web sessions to prevent further data exfiltration.
In a revelation that has rattled the cybersecurity community, researchers at Socket have discovered a cluster of 108 malicious Google Chrome extensions that communicate with a single command-and-control (C2) infrastructure. This coordinated campaign has resulted in the theft of sensitive data from approximately 20,000 users and highlights the critical need for enhanced browser security measures.
The malicious extensions, published under five distinct publisher identities (Yana Project, GameGen, SideGames, Rodeo Games, and InterAlt), have collectively amassed about 20,000 installs in the Chrome Web Store. That reach underscores the potential impact of rogue extensions and serves as a reminder of the importance of rigorous extension review processes.
According to Kush Pandya, security researcher at Socket, all 108 extensions route stolen credentials, user identities, and browsing data to servers controlled by the same operator. Analysis of the source code also found Russian-language comments across several of the add-ons, which raises concerns about potential ties to malicious actors with international connections.
Among the 108 malicious extensions, 54 add-ons steal Google account identity via OAuth2, while 45 extensions contain a universal backdoor that opens arbitrary URLs as soon as the browser is started. The remaining ones engage in a variety of malicious behaviors, including exfiltrating Telegram Web sessions every 15 seconds, stripping YouTube and TikTok security headers, injecting gambling overlays and ads, injecting content scripts into every page visited, and proxying all translation requests through the threat actor's server.
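As an added example, not taken from the article or from Socket's research, the Python below triages an extension's manifest.json for permission combinations that would enable the behaviours listed above (content scripts on every page, Google identity access via OAuth2, header rewriting, and a periodic background task). Both manifests are constructed samples, and the marker names are my own.

```python
import json

# Constructed sample manifests (not real extensions). The first is modelled
# on the behaviours the article reports: a content script on every page,
# Google identity access via OAuth2, header-modifying network rules and a
# periodic alarm with broad host access. The second is a benign baseline.
SUSPECT_MANIFEST = json.dumps({
    "manifest_version": 3, "name": "Telegram Sidebar (constructed sample)",
    "permissions": ["identity", "alarms", "declarativeNetRequest", "storage"],
    "host_permissions": ["<all_urls>"],
    "oauth2": {"client_id": "PLACEHOLDER", "scopes": ["openid", "email"]},
    "content_scripts": [{"matches": ["<all_urls>"], "js": ["inject.js"]}],
})
BENIGN_MANIFEST = json.dumps({
    "manifest_version": 3, "name": "Word Counter (constructed sample)",
    "permissions": ["storage", "activeTab"],
})

BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
HEADER_APIS = {"declarativeNetRequest", "declarativeNetRequestWithHostAccess",
               "webRequest", "webRequestBlocking"}

def triage_manifest(manifest_text: str) -> list[str]:
    """Return the risk markers found in a manifest; [] means none matched.

    Markers correspond to the behaviours described in the article. None of
    them proves malice on its own; they are triage signals for a reviewer.
    """
    m = json.loads(manifest_text)
    perms = set(m.get("permissions", [])) | set(m.get("optional_permissions", []))
    hosts = set(m.get("host_permissions", []))
    findings = []
    # Content scripts injected into every page the user visits.
    if any(BROAD_HOSTS & set(cs.get("matches", []))
           for cs in m.get("content_scripts", [])):
        findings.append("content_script_on_all_urls")
    # chrome.identity plus an oauth2 block lets the extension obtain a
    # Google account identity token.
    if "identity" in perms and "oauth2" in m:
        findings.append("google_identity_via_oauth2")
    # Network-request APIs with broad host access can strip or rewrite
    # response headers, including site security headers.
    if perms & HEADER_APIS and hosts & BROAD_HOSTS:
        findings.append("header_rewrite_capable")
    # A periodic alarm plus broad host access fits a recurring upload loop.
    if "alarms" in perms and hosts & BROAD_HOSTS:
        findings.append("periodic_task_with_broad_hosts")
    return findings
```

Run `triage_manifest` over the manifest.json of each unpacked extension under the browser profile's Extensions directory; any non-empty result is a candidate for manual review, not a verdict.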
To create a veneer of legitimacy, the identified extensions masquerade as Telegram sidebar clients, slot machine and Keno games, YouTube and TikTok enhancers, text translation tools, and page utilities. The advertised functionality is deliberately diverse, casting a wide net, while every extension shares the same backend.
The scope of this malicious campaign highlights the critical need for users to be vigilant when it comes to browser extensions. Users who have installed any of these malicious extensions are strongly advised to remove them immediately and log out of all Telegram Web sessions from the Telegram mobile app to prevent further data exfiltration.
Moreover, this incident serves as a stark reminder of the importance of robust cybersecurity measures and enhanced browser security features. The Chrome team has taken swift action by releasing an update that addresses these vulnerabilities and mitigates the risks associated with malicious extensions.
In conclusion, the discovery of 108 malicious Google Chrome extensions highlights the critical need for enhanced browser security measures and vigilance among users when it comes to browser extensions. As cybersecurity threats continue to evolve, it is imperative that individuals prioritize their online security and take proactive steps to protect themselves from such malicious activities.
Related Information:
https://www.ethicalhackingnews.com/articles/The-Devastating-Consequences-of-Malicious-Chrome-Extensions-A-Threat-to-User-Privacy-and-Security-ehn.shtml
https://thehackernews.com/2026/04/108-malicious-chrome-extensions-steal.html
https://www.socdefenders.ai/item/9274fabb-0584-44f0-9d00-f003d3fdd837
https://socket.dev/blog/108-chrome-ext-linked-to-data-exfil-session-theft-shared-c2
https://cyberwebspider.com/the-hacker-news/malicious-chrome-extensions-google-telegram/
https://www.scam-detector.com/validator/gamegen-codes-review/
https://www.scam-detector.com/validator/gamegen-vip-review/
https://consumer.ftc.gov/articles/malware-how-protect-against-detect-and-remove-it
https://cyberattackmap.net/
https://vpnoverview.com/internet-safety/malware/malware-infected-games/
Published: Tue Apr 14 04:42:04 2026 by llama3.2 3B Q4_K_M