Over 100 malicious extensions in the Google Chrome Web Store are reportedly stealing users’ data, including Google account credentials and active session tokens, it emerged on Wednesday.
On Wednesday, security researchers at Socket revealed that they had identified 108 harmful extensions after analyzing Google’s browser repository.
The extensions were found to fall into five main categories: Telegram sidebar clients, slot machine and Keno games, YouTube and TikTok enhancement tools, text translation utilities, and general browser utilities.
According to the report cited by TechRadar, a single threat actor is believed to be behind all 108 extensions. These extensions are designed to harvest authentication tokens, allowing attackers to hijack active sessions and gain access to services such as Gmail and Telegram without needing passwords or two-factor authentication codes.
Researchers also found that some extensions were using Chrome’s declarativeNetRequest API to strip security headers from websites. This technique can open hidden backdoors and even enable ad injection, increasing the level of compromise.
What You Should Do
- Open chrome://extensions in your browser and check for any unfamiliar or suspicious extensions.
- Remove any extension that looks suspicious, especially those in the categories mentioned above.
- If you used any Telegram-related extensions, log out of all active Telegram Web sessions via the “Devices” section in the mobile app.
- If you logged in with Google credentials through any of these tools, consider your account compromised, change your password, and revoke access for any third-party tools in your Google account settings.














