
"The 108 extensions are published across several product categories: Telegram sidebar clients, slot machine and Keno games, YouTube and TikTok enhancers, a text translation tool, and page utility extensions. Each targets a different type of user, but all share the same backend."
"Socket draws attention to the Telegram Multi-account extension, which steals the active Telegram Web session and allows the attackers to take over the user account by overwriting the local storage with attacker-supplied data and force-reloading Telegram."
"Another extension, Web Client for Telegram - Teleside, can steal sessions and has a backdoor in the background script that allows the operators to activate a payload directly, without updating the application through the Chrome Web Store."
Cybersecurity firm Socket reported that over 20,000 users installed malicious Chrome extensions linked to five accounts. These extensions, totaling 108, perform various harmful activities, including stealing Google accounts and injecting ads. Half of the extensions target Google accounts via OAuth2, while others exfiltrate Telegram sessions or inject ads into popular platforms. The extensions masquerade as legitimate tools to avoid detection, but they connect to a command-and-control infrastructure to execute malicious actions. Notable examples include extensions that can take over Telegram accounts and activate payloads without updates.
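The extensions described above can only rewrite a site's local storage or lift an OAuth session if their manifest grants them reach into that origin, so a quick defender-side triage is to read the manifests Chrome has installed and list which extensions can touch the targeted origins from a background script. The script below is an added example written for this page, not code from SecurityWeek or Socket: it walks a Chrome profile's Extensions directory, combines MV2 `permissions`, MV3 `host_permissions` and content-script `matches`, and flags any extension reaching an assumed watch-list of origins (web.telegram.org and accounts.google.com). The severity ranking and the three sample manifests are constructed for the demo.

```python
"""Triage installed Chrome extensions by the host reach their manifests declare.

Added example (not SecurityWeek's or Socket's code). The watch-list, the
severity heuristic and the sample manifests below are assumptions/constructed.
"""
import json
import os
import tempfile
from dataclasses import dataclass

# Origins whose sessions the report says were targeted (assumed watch-list).
WATCHED_HOSTS = ("web.telegram.org", "accounts.google.com")
# API permissions that turn a host grant into practical session access.
SENSITIVE_APIS = {"cookies", "scripting", "webRequest", "webNavigation", "tabs"}


def pattern_covers_host(pattern: str, host: str) -> bool:
    """True if a Chrome match pattern ("<all_urls>", "*://*.x.org/*", ...) reaches host."""
    if pattern == "<all_urls>":
        return True
    if "://" not in pattern:
        return False
    host_part = pattern.split("://", 1)[1].split("/", 1)[0]
    if host_part == "*":
        return True
    if host_part.startswith("*."):
        bare = host_part[2:]
        return host == bare or host.endswith("." + bare)
    return host == host_part


def declared_hosts(manifest: dict) -> list:
    """Collect host grants from MV3 host_permissions, MV2 permissions and content scripts."""
    hosts = list(manifest.get("host_permissions", []))
    hosts += [p for p in manifest.get("permissions", []) if "://" in p or p == "<all_urls>"]
    for cs in manifest.get("content_scripts", []):
        hosts += cs.get("matches", [])
    return hosts


@dataclass
class Finding:
    ext_id: str
    name: str
    hosts: tuple      # watched origins the extension can reach
    apis: tuple       # sensitive API permissions it also holds
    background: bool  # has a persistent/background script or service worker

    @property
    def severity(self) -> str:
        # Assumed heuristic: host reach + background code + session-grade APIs.
        return "high" if self.background and self.apis else "medium"


def assess(ext_id: str, manifest: dict):
    """Return a Finding if the manifest reaches a watched origin, else None."""
    grants = declared_hosts(manifest)
    reached = tuple(h for h in WATCHED_HOSTS if any(pattern_covers_host(p, h) for p in grants))
    if not reached:
        return None
    apis = tuple(sorted(SENSITIVE_APIS & set(manifest.get("permissions", []))))
    bg = manifest.get("background", {})
    background = bool(bg.get("service_worker") or bg.get("scripts") or bg.get("page"))
    return Finding(ext_id, manifest.get("name", "?"), reached, apis, background)


def scan_extensions_dir(root: str) -> list:
    """Walk <root>/<ext_id>/<version>/manifest.json, the layout Chrome uses on disk."""
    findings = []
    for ext_id in sorted(os.listdir(root)):
        ext_dir = os.path.join(root, ext_id)
        if not os.path.isdir(ext_dir):
            continue
        for version in sorted(os.listdir(ext_dir)):
            path = os.path.join(ext_dir, version, "manifest.json")
            if os.path.isfile(path):
                with open(path, encoding="utf-8") as fh:
                    finding = assess(ext_id, json.load(fh))
                if finding:
                    findings.append(finding)
    return findings


# Constructed sample profile: one benign notepad and two that reach watched origins.
SAMPLE_MANIFESTS = {
    "aaaanotepadsamplenotrealidaaaaaa": {
        "manifest_version": 3, "name": "Notepad", "permissions": ["storage"],
        "background": {"service_worker": "bg.js"}},
    "bbbbtelegramsidebarsamplenotreal": {
        "manifest_version": 3, "name": "Telegram sidebar",
        "permissions": ["storage", "scripting", "tabs"],
        "host_permissions": ["*://*.telegram.org/*"],
        "background": {"service_worker": "bg.js"}},
    "ccccpageutilitysamplenotrealidcc": {
        "manifest_version": 2, "name": "Page utility", "permissions": ["<all_urls>"],
        "content_scripts": [{"matches": ["<all_urls>"], "js": ["cs.js"]}]},
}


def build_sample_profile() -> str:
    """Write the constructed manifests into a temp dir shaped like a Chrome profile."""
    root = tempfile.mkdtemp(prefix="chrome-ext-sample-")
    for ext_id, manifest in SAMPLE_MANIFESTS.items():
        vdir = os.path.join(root, ext_id, "1.0.0_0")
        os.makedirs(vdir)
        with open(os.path.join(vdir, "manifest.json"), "w", encoding="utf-8") as fh:
            json.dump(manifest, fh)
    return root


if __name__ == "__main__":
    # On a real host, point scan_extensions_dir at the profile's Extensions directory instead.
    for f in scan_extensions_dir(build_sample_profile()):
        print(f"[{f.severity}] {f.ext_id} {f.name!r} reaches {f.hosts} apis={f.apis} bg={f.background}")
```

A manifest grant is a capability, not proof of abuse, so the output is a triage list to review by hand: an extension that reaches a watched origin, carries a background service worker and holds `scripting` or `tabs` has everything it needs to swap session data and force a reload, which is why the heuristic ranks that combination highest.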
Read at SecurityWeek