
108 Chrome Extensions Found Injecting Ads and Stealing User Data
All secretly communicating with the same command server
For years, users have been cautious about downloading suspicious APK files on smartphones, but browser extensions often receive far less scrutiny. Recently, security firm Socket revealed that 108 Chrome extensions have been identified as malicious, with a combined total of over 20,000 downloads. These extensions act as tools for data theft and ad injection, silently compromising users.
What makes this situation particularly alarming is that although the extensions appear to be published by different developers, deeper analysis shows that they all communicate with the same command-and-control (C2) server. This strongly indicates a coordinated and professional operation specifically designed to target users. On the surface, these extensions disguise themselves as harmless tools or casual games.
Some of the most popular extensions found in this campaign include Web Client for TikTok, which has over 2,000 installs, as well as social management tools like Web Client for Telegram – Teleside, YouSide – Youtube Sidebar, and utility tools such as Clear Cache Plus and Speed Test for Chrome – WiFi SpeedTest. Even games like Formula Rush Racing Game and Black Beard Slot Machine were found to contain hidden malicious behavior.

If you have any of these extensions installed, it is strongly recommended to remove them immediately. The process is simple: click the three-dot menu in the top-right corner of Google Chrome, select Extensions, then go to Manage Extensions, and remove anything suspicious. Reports indicate that some of these harmful extensions are still available on the Chrome Web Store and have not yet been fully removed.
The immediate impact may start with unexpected ads appearing on websites, generating revenue for the attackers. However, the more serious concern is data harvesting, which could lead to leaks of sensitive information such as passwords or financial data. If you have logged into accounts or performed transactions while using these extensions, it is highly recommended to change your passwords immediately.
This situation serves as a critical reminder that browser extensions should be treated with the same caution as software installations. Extensions that request access to all website data should be carefully reviewed. In a digital world where personal data can be worth millions of dollars, even a small oversight can result in irreversible loss of sensitive information.
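One way to act on the advice to review extensions that request access to all website data, as an added example that is not from Socket or the original article: the script reads each installed extension's `manifest.json` and lists those requesting all-site host access. It assumes the usual Chrome profile layout of `Extensions/<extension id>/<version>/manifest.json`; the function names are hypothetical, and a hit marks an extension for review, not as malicious.

```python
import json
from pathlib import Path

# Chrome match patterns that cover every website.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# Manifest V2 puts host patterns in "permissions"; Manifest V3 uses "host_permissions".
HOST_FIELDS = ("permissions", "host_permissions",
               "optional_permissions", "optional_host_permissions")

def broad_host_access(manifest):
    """Return sorted (field, pattern) pairs where a manifest requests all-site access."""
    found = set()
    for field in HOST_FIELDS:
        for p in manifest.get(field, []):
            # Permission entries can be objects, so only compare strings.
            if isinstance(p, str) and p in BROAD:
                found.add((field, p))
    # Content scripts are injected into every page their "matches" patterns cover.
    for cs in manifest.get("content_scripts", []):
        for p in (cs.get("matches", []) if isinstance(cs, dict) else []):
            if isinstance(p, str) and p in BROAD:
                found.add(("content_scripts.matches", p))
    return sorted(found)

def audit_extensions(ext_root):
    """Scan <ext_root>/<extension id>/<version>/manifest.json (assumed layout)."""
    report = {}
    for mf in sorted(Path(ext_root).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(mf.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it
        if not isinstance(manifest, dict):
            continue
        hits = broad_host_access(manifest)
        if hits:
            entry = report.setdefault(mf.parent.parent.name,
                                      {"name": manifest.get("name", "?"), "hits": []})
            # Several versions of one extension may be on disk; merge their hits.
            entry["hits"] = sorted(set(entry["hits"]) | set(hits))
    return report

if __name__ == "__main__":
    import sys
    # Usage: python audit.py <path to a Chrome profile's Extensions folder>
    for ext_id, info in audit_extensions(sys.argv[1]).items():
        print(ext_id, info["name"], info["hits"])
```

The extension ID printed for each hit can be matched against the entries shown under Manage Extensions when deciding what to remove.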
Source: Android Police





