You won't believe what 108 malicious Chrome extensions are stealing from you right now
Researches have identified 108 Chrome extensions that stole Telegram messages and exposed Google account information.
Cybersecurity researchers with Socket's Threat Research Team identified 108 malicious Chrome extensions that stole Telegram messages and exposed Google account information. The researchers found that these extensions had been downloaded over 3 million times, with some of the most popular ones including Video Converter, YouTube video downloader, and Instagram downloaders. The malicious extensions used various techniques to evade detection, including code obfuscation and anti-debugging techniques. The researchers reported their findings to Google, which has since removed the extensions from the Chrome Web Store.
The exposure of Google account information puts users' personal data at risk, including their email, password, and other sensitive information. This can lead to identity theft, phishing attacks, and other types of cybercrime, ultimately affecting users' financial security and online safety. For instance, a compromised Google account can be used to reset passwords for other online services, such as banking or social media accounts. This can result in significant financial losses for affected individuals.
The discovery of these malicious Chrome extensions is part of a larger trend of cyber threats targeting popular web browsers. In recent years, there have been numerous cases of malicious extensions being used to steal user data, including a 2020 incident in which over 30 million users were affected by a malicious extension campaign. The Chrome Web Store's open nature and lack of stringent vetting processes make it a vulnerable target for malicious actors. Insiders know that the store's popularity and ease of use also make it an attractive platform for legitimate developers, which can sometimes lead to a lack of scrutiny.
Google is expected to release a detailed report on the incident in the coming weeks, which will provide more information on the affected extensions and the measures being taken to prevent similar incidents in the future. The company has also announced plans to implement additional security measures, including enhanced extension vetting and monitoring. A surprising detail is that some of the malicious extensions were able to evade detection for over a year, highlighting the need for more robust security protocols and user awareness.
You won't believe the tiny computer that's smaller than a credit card but can do almost everything your laptop can
GPS Alternatives: Can Hackers Outsmart Starlink's Location Lockdown?
You won't believe the price drop on this powerful robot vacuum
Legendary Nintendo Creator Retires: What's Next for Gaming?
You're not as private as you think: Instagram just removed end-to-end encryption for DMs, and here's what that means for you
You Won't Believe What Apple Is Being Sued For: Is Your iCloud Account Really Yours?