You won't believe what 108 malicious Chrome extensions are stealing from you right now
Researches have identified 108 Chrome extensions that stole Telegram messages and exposed Google account information.
Cybersecurity researchers with Socket's Threat Research Team identified 108 malicious Chrome extensions that stole Telegram messages and exposed Google account information. The researchers found that these extensions had been downloaded over 3 million times, with some of the most popular ones including Video Converter, YouTube video downloader, and Instagram downloaders. The malicious extensions used various techniques to evade detection, including code obfuscation and anti-debugging techniques. The researchers reported their findings to Google, which has since removed the extensions from the Chrome Web Store.
The exposure of Google account information puts users' personal data at risk, including their email, password, and other sensitive information. This can lead to identity theft, phishing attacks, and other types of cybercrime, ultimately affecting users' financial security and online safety. For instance, a compromised Google account can be used to reset passwords for other online services, such as banking or social media accounts. This can result in significant financial losses for affected individuals.
The discovery of these malicious Chrome extensions is part of a larger trend of cyber threats targeting popular web browsers. In recent years, there have been numerous cases of malicious extensions being used to steal user data, including a 2020 incident in which over 30 million users were affected by a malicious extension campaign. The Chrome Web Store's open nature and lack of stringent vetting processes make it a vulnerable target for malicious actors. Insiders know that the store's popularity and ease of use also make it an attractive platform for legitimate developers, which can sometimes lead to a lack of scrutiny.
Google is expected to release a detailed report on the incident in the coming weeks, which will provide more information on the affected extensions and the measures being taken to prevent similar incidents in the future. The company has also announced plans to implement additional security measures, including enhanced extension vetting and monitoring. A surprising detail is that some of the malicious extensions were able to evade detection for over a year, highlighting the need for more robust security protocols and user awareness.
You won't believe how devices are designed to control your kids' minds
Google's Secret Laptop Project: What Does it Mean for the Future of Tech?
You won't believe what hackers just stole from Rockstar Games - and what they're demanding in return
Microsoft's Shocking Price Hike: Are Surface PCs Now Out of Reach?
You won't believe what Microsoft just did to protect your Windows computer from hackers
This new app can wake you up at the perfect time to arrive at work, no matter where you are on your commute