Fake Chrome Extensions Mimic Fortinet to Steal Data
A malicious campaign targeting Google Chrome users is leveraging more than 100 fake browser extensions to steal data and execute remote commands. The extensions, available through the Chrome Web Store, masquerade as legitimate services including Fortinet security tools, YouTube utilities, VPNs, AI assistants, and cryptocurrency platforms. Once installed, the extensions covertly exfiltrate browser cookies and allow attackers to run remote scripts without user consent.
The campaign demonstrates a growing trend in cyber threats that exploit trusted branding to bypass user suspicion and gain access to sensitive data. By mimicking popular and credible applications, the malicious extensions significantly increase their chances of installation, posing a broader risk to enterprise and individual users alike.
As of now, Google has not provided details about the removal status of these extensions. Users are urged to review permissions before installing browser add-ons and to monitor for any unusual browser behavior that may indicate compromise.
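One way to carry out the permission review recommended above is to audit an extension's manifest.json for cookie access or script injection combined with access to every site. The script below is an added example, not code from the campaign or from Google; the sample manifests, extension names and the "review"/"ok" verdict labels are constructed for illustration.

```python
import json

# Permission -> what it allows. These are real Chrome extension permission names.
RISKY = {
    "cookies": "read cookies for matching hosts",
    "scripting": "inject script into matching pages",
    "webRequest": "observe network requests for matching hosts",
    "debugger": "attach the DevTools debugger to tabs",
}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
KEYS = ("permissions", "optional_permissions",
        "host_permissions", "optional_host_permissions")


def audit_manifest(manifest_text):
    """Flag permissions in one manifest.json that merit a manual review."""
    manifest = json.loads(manifest_text)
    requested = set()
    # Manifest V3 lists host patterns under host_permissions; V2 mixes them
    # into permissions. Optional entries can be granted after install.
    for key in KEYS:
        requested.update(p for p in manifest.get(key, []) if isinstance(p, str))

    broad = sorted(requested & BROAD_HOSTS)
    risky = sorted(requested & set(RISKY))
    findings = [f"{p}: can {RISKY[p]}" for p in risky]
    if broad:
        findings.append("host access to every site: " + ", ".join(broad))
    # Cookie access or script injection across all sites is the combination
    # that matches the behaviour reported for this campaign.
    high = bool(broad) and bool({"cookies", "scripting"} & requested)
    return {"name": manifest.get("name", "?"), "findings": findings,
            "verdict": "review" if high else "ok"}


# Constructed sample manifests, not taken from any real extension.
SUSPICIOUS = json.dumps({
    "name": "Example VPN Helper", "manifest_version": 3,
    "permissions": ["cookies", "scripting", "storage"],
    "host_permissions": ["<all_urls>"]})
NARROW = json.dumps({
    "name": "Example Notes", "manifest_version": 3,
    "permissions": ["storage", "cookies"],
    "host_permissions": ["https://notes.example.com/*"]})

if __name__ == "__main__":
    for text in (SUSPICIOUS, NARROW):
        print(audit_manifest(text))
```

A "review" verdict means the extension requests enough access to do what the campaign does, not that it is malicious; many legitimate extensions request the same permissions.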
