
"'All 108 route stolen credentials, user identities, and browsing data to servers controlled by the same operator,' security researcher Kush Pandya said in an analysis."
"Of these, 54 add-ons steal Google account identity via OAuth2, and 45 extensions contain a universal backdoor that opens arbitrary URLs as soon as the browser is started."
"The advertised functionality is diverse, aiming to cast a wide net, while sharing the same backend. Unbeknownst to the users, however, malicious code running in the background captures session information."
Researchers identified 108 Google Chrome extensions linked to a single command-and-control infrastructure aimed at stealing user data. These extensions, published under five different identities, have around 20,000 installs. They engage in various malicious activities, including stealing Google account identities, injecting ads, and exfiltrating session data. The extensions disguise themselves as legitimate tools, but they run harmful code in the background, compromising user security and privacy.
Read at The Hacker News