Malicious Browser Add-Ons Hit 722 in Latin America

A new cyber campaign has infected at least 722 users across Latin America with malicious browser extensions since early 2025, cybersecurity researchers said. The operation primarily targets users in Brazil and focuses on Chromium-based browsers to harvest authentication data.

According to researchers from Positive Technologies, the attackers use phishing emails to lure victims into downloading the extensions. In many cases, the emails were distributed from servers of already compromised companies, making the malicious messages appear more legitimate and increasing the likelihood of successful infiltration.

Once installed, the rogue extensions allow threat actors to siphon sensitive data, potentially compromising user accounts and access credentials. The scale and specificity of the campaign indicate a coordinated effort to undermine browser security in the region.

Researchers have not yet disclosed the full scope of the attackers’ infrastructure or the identities of the groups involved. Users are advised to remain cautious and verify the authenticity of browser extensions and email sources.