Fake Chrome Extensions Steal Logins, Inject Ads

More than 100 malicious Chrome browser extensions have been discovered hijacking user sessions, stealing credentials, and injecting unwanted ads, according to recent findings. The campaign, active since at least February 2024, involves an unidentified threat actor who has developed and distributed the rogue extensions under the guise of legitimate utilities and productivity tools.

The extensions are designed to secretly exfiltrate data, receive remote commands, and execute arbitrary code on infected systems. Attackers have also created fake websites that mimic authentic services, including tools for advertising, media creation, and analytics, in order to trick users into downloading the malware-laced software.

Once installed, the extensions operate covertly, compromising browser sessions and enabling unauthorized access to sensitive user data. The campaign highlights ongoing risks in browser extension ecosystems, where malicious actors exploit user trust to launch sophisticated attacks. Chrome users are advised to verify the authenticity of extensions and avoid downloading software from unverified sources.