Cybersecurity experts have raised an urgent alarm for more than three million Google Chrome users regarding 16 browser extensions that have been compromised by hackers. These extensions, which were initially legitimate, were hijacked by cybercriminals who injected malicious code into them, putting users’ data and online security at risk.

How the Attack Works

Once compromised, these extensions enable hackers to steal user data and carry out ‘search engine fraud’—a scheme in which clicks are directed to hacker-controlled websites to generate ad revenue. Unlike malware created from scratch, these extensions were originally safe but were taken over by cybercriminals, often through phishing attacks targeting developers.

In some cases, the creators of the extensions were deceived into transferring ownership unknowingly.

After gaining control, attackers injected harmful updates into the software, allowing them to manipulate users’ web activity in real time. Notebookcheck reports that these modifications went undetected because users had already granted permissions to the extensions, giving attackers the ability to alter web behavior without raising immediate suspicion.

Affected Extensions

Among the compromised extensions are:

  • Blipshot
  • Emojis
  • Color Changer for YouTube
  • Video Effects for YouTube and Audio Enhancer
  • Themes for Chrome
  • YouTube Picture in Picture
  • Mike Adblock für Chrome
  • Super Dark Mode
  • Emoji Keyboard Emojis for Chrome
  • Adblocker for Chrome
  • Adblock for You
  • Nimble Capture
  • KProxy
  • Page Refresh
  • Wistia Video Downloader

What Chrome Users Should Do

The GitLab Threat Intelligence team, which discovered the breach, confirmed that Google has removed these extensions from the Chrome Web Store. However, users who have already installed them must delete them manually to eliminate security risks.

To protect yourself from similar threats in the future, experts recommend the following precautions:

  • Carefully vet extensions before installing them. Check the developer’s reputation and read user reviews for any red flags.
  • Review extension permissions. Be cautious if an extension requests access to sensitive data or all websites you visit.
  • Use antivirus software. Scan your computer for malware if you have installed any of the compromised extensions.
  • Enable spam filters and be wary of phishing emails. Phishing schemes remain the leading form of cybercrime, according to the FBI, making it crucial to avoid clicking on suspicious links.
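
The following Python script is an added example, not code from the article or from the GitLab report. It walks a Chrome profile's Extensions folder, resolves each extension's display name, and flags names from the list above as well as extensions that request access to every site. Matching by display name is an assumption of this example, since the page gives no extension IDs.

```python
import json, sys
from pathlib import Path

# Names copied from the list on this page, lowercased. Matching by display name
# is an assumption of this example: the page gives no extension IDs.
FLAGGED = {n.lower() for n in (
    "Blipshot", "Emojis", "Color Changer for YouTube",
    "Video Effects for YouTube and Audio Enhancer", "Themes for Chrome",
    "YouTube Picture in Picture", "Mike Adblock für Chrome", "Super Dark Mode",
    "Emoji Keyboard Emojis for Chrome", "Adblocker for Chrome", "Adblock for You",
    "Nimble Capture", "KProxy", "Page Refresh", "Wistia Video Downloader")}
# Match patterns that grant access to every site the user visits.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def display_name(ext_dir, manifest):
    """Resolve a localized "__MSG_key__" name through _locales/<default_locale>."""
    name = str(manifest.get("name", ""))
    if not (name.startswith("__MSG_") and name.endswith("__")):
        return name
    path = ext_dir / "_locales" / manifest.get("default_locale", "en") / "messages.json"
    try:
        messages = json.loads(path.read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):
        return name  # keep the raw placeholder if the locale file is unusable
    key = name[6:-2].lower()  # message keys are case-insensitive
    for k, v in messages.items():
        if k.lower() == key and isinstance(v, dict):
            return str(v.get("message", name))
    return name

def audit_profile(profile_dir):
    """Return one finding per <profile>/Extensions/<id>/<version>/manifest.json."""
    findings = []
    for mf in sorted(Path(profile_dir).glob("Extensions/*/*/manifest.json")):
        try:
            manifest = json.loads(mf.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or corrupt manifest: skip it
        # Manifest V2 keeps host patterns in "permissions", V3 in "host_permissions".
        pats = list(manifest.get("permissions", [])) + list(manifest.get("host_permissions", []))
        for cs in manifest.get("content_scripts", []):
            pats += cs.get("matches", [])
        name = display_name(mf.parent, manifest)
        findings.append({"id": mf.parts[-3], "name": name,
                         "flagged": name.strip().lower() in FLAGGED,
                         "broad_hosts": sorted({p for p in pats if isinstance(p, str) and p in BROAD})})
    return findings

if __name__ == "__main__":
    print(*audit_profile(sys.argv[1] if len(sys.argv) > 1 else "."), sep="\n")
```

Pass the profile folder as the argument, for example `~/.config/google-chrome/Default` on Linux. A name match is a lead for manual review in `chrome://extensions`, not proof of compromise, because unrelated extensions can share a generic name such as "Emojis".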

The Bigger Picture

Experts at Tom’s Guide highlight that while browser extensions offer convenience, they often come from small developers, making it difficult to verify their legitimacy. The recent attack showcases how cybercriminals exploit trusted software distribution channels to spread malware. Even Google’s Chrome Web Store was used as a platform to facilitate the spread of these compromised extensions, further complicating efforts to detect and prevent such threats.

With phishing schemes on the rise, cybersecurity specialists stress the importance of heightened vigilance. As hackers develop more sophisticated methods, users must take proactive steps to safeguard their online security.