1. Forum
  2. tqwNet
  3. TQW GENTECH

  • Google Chrome users beware experts warn over 100 Web Store exten

    From TechnologyDaily@1337:1/100 to All on Wednesday, April 15, 2026 12:30:27
    Google Chrome users beware experts warn over 100 Web Store extensions found stealing user data from thousands of accounts

    Date:
    Wed, 15 Apr 2026 11:25:00 +0000

    Description:
    All extensions seem to have been made by a single actor, possibly of Russian origin.

    FULL STORY ======================================================================Copy link Facebook X Whatsapp Reddit Pinterest Flipboard Threads Email Share this article 0 Join the conversation Follow us Add us as a preferred source on Google Newsletter Tech Radar Pro Are you a pro? Subscribe to our newsletter Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed! Become a Member in Seconds Unlock instant access to exclusive member features. Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors By submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over. You are
    now subscribed Your newsletter sign-up was successful Join the club Get full access to premium articles, exclusive features and a growing list of member rewards. Explore An account already exists for this email address, please log in. Subscribe to our newsletter Socket finds 108 malicious Chrome extensions stealing tokens and data Extensions harvest Google account info, hijack Telegram sessions, and open backdoors Likely Russian MaaS operation; 20,000+ installs, still live in Web Store A single threat actor has apparently smuggled more than 100 malicious browser extensions into the official Google Chrome Web Store, looking to steal authentication tokens, and establish backdoors to peoples devices.

    Analyzing Googles browser repository, security researchers Socket found 108 extensions split into five distinct categories: Telegram sidebar clients,
    slot machines and Keno games, YouTube and TikTok enhancers, text translation tools, and browser utilities. While on the surface, all of those worked as intended, in the background they were doing all sorts of malicious things. Article continues below You may like Fake Chrome AI extensions targeted over 300,000 users to steal emails, personal data and more - here's what we know Over half a million VKontakte accounts hijacked using malicious Chrome extensions More malicious browser extensions uncovered - Chrome, Firefox, and Edge all affected TIered system and new announcements For example, a cluster of 78 extensions was seen injecting attacker-controlled HTML into the user interface, while 54 extensions were harvesting emails, names, profile pictures, and Google account IDs.

    They also stole Google OAuth2 Bearer tokens. A third group of 45 extensions works as a backdoor, fetching commands from the C2 infrastructure and opening arbitrary URLs. A few extensions stripped security headers and injected ads into YouTube and TikTok.

    However, the most dangerous extension was seen stealing Telegram Web sessions every 15 seconds, extracting data from local storage and the session token
    for Telegram Web.

    While the extensions were published from five separate profiles, they all connected back to the same command-and-control infrastructure, which suggests that this is all the work of a single threat actor. Judging by the comments
    in the code for authentication and session theft, Socket concluded that this was most likely a Russian malware-as-a-service (MaaS) operation. However, it was not able to attribute the campaign to a specific actor, or cluster. Are you a pro? Subscribe to our newsletter Sign up to the TechRadar Pro
    newsletter to get all the top news, opinion, features and guidance your business needs to succeed! Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors By submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.

    Some sources said the extensions were installed at least 20,000 times by now and that despite Sockets takedown requests, Google has not yet removed the extensions from the repository - so if you are using any of these, it would
    be best to uninstall them immediately. The best antivirus for all budgets Our top picks, based on real-world testing and comparisons

    Read our full guide to the best antivirus 1. Best overall: Bitdefender Total Security 2. Best for families: Norton 360 with LifeLock 3. Best for mobile: McAfee Mobile Security Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

    And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/google-chrome-users-beware-experts-warn -over-100-web-store-extensions-found-stealing-user-data-from-thousands-of-acco unts


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)