
"The malicious update introduced to QuickLens on February 17, 2026, kept the original functionality but introduced capacities to strip security headers (e.g., X-Frame-Options) from every HTTP response, allowing malicious scripts injected into a web page to make arbitrary requests to other domains, bypassing Content Security Policy (CSP) protections."
"While QuickLens is no longer available for download from the Chrome Web Store, ShotBird remains accessible as of writing. ShotBird was originally launched in November 2024, with its developer, Akshay Anu S (@AkshayAnuOnline), claiming on X that the extension is suitable for 'creating professional, studio-like visuals,' and that all processing happens locally."
"QuickLens was listed for sale on ExtensionHub on October 11, 2025, by 'akshayanuonline@gmail.com' merely two days after it was published. On February 1, 2026, the extension's owner changed to 'support@doodlebuggle.top' on the Chrome Web Store listing page."
Two Chrome extensions, QuickLens and ShotBird, were compromised after their ownership was transferred to malicious actors. QuickLens, with 7,000 users, was listed for sale shortly after launch and changed ownership in February 2026, while ShotBird, with 800 users, was transferred to a different developer in January 2025 after receiving a Featured flag. Malicious updates introduced capabilities to strip security headers, bypass Content Security Policy protections, and inject arbitrary scripts into web pages. The compromised extensions could fingerprint users' countries, detect browser and operating system information, and harvest sensitive data. QuickLens is no longer available on the Chrome Web Store, though ShotBird remains accessible.
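A defender-side check for the header stripping described above, as an added example that is not code from QuickLens, ShotBird or the cited article. It assumes the tampering is expressed as Chrome `declarativeNetRequest` rules of type `modifyHeaders` in the extension's rule files, which the page does not state; `auditRules`, `isBroad` and the sample rules are constructed for illustration.

```javascript
// Security response headers whose removal or overwrite weakens page protections.
const SECURITY_HEADERS = new Set([
  "content-security-policy", "content-security-policy-report-only",
  "x-frame-options", "x-content-type-options", "strict-transport-security",
  "cross-origin-opener-policy", "cross-origin-embedder-policy",
]);

// Heuristic: a condition with no domain list, no regexFilter and an absent or
// all-wildcard urlFilter applies to every site.
function isBroad(cond) {
  if (cond.requestDomains || cond.initiatorDomains || cond.regexFilter) return false;
  return cond.urlFilter === undefined || /^\*+$/.test(cond.urlFilter);
}

// Returns one finding per security header that a modifyHeaders rule removes or sets.
function auditRules(rules) {
  const findings = [];
  for (const rule of Array.isArray(rules) ? rules : []) {
    const action = (rule && rule.action) || {};
    if (action.type !== "modifyHeaders") continue;
    for (const h of action.responseHeaders || []) {
      const header = String(h.header || "").toLowerCase(); // header names are case-insensitive
      if (!SECURITY_HEADERS.has(header)) continue;
      if (h.operation !== "remove" && h.operation !== "set") continue;
      const broad = isBroad(rule.condition || {});
      const severity = h.operation === "remove" && broad ? "high" : "review";
      findings.push({ ruleId: rule.id, header, operation: h.operation, severity });
    }
  }
  return findings;
}

// Constructed sample rules (assumption: not taken from QuickLens or ShotBird).
const SAMPLE_RULES = [
  { id: 1, priority: 1,
    action: { type: "modifyHeaders", responseHeaders: [
      { header: "X-Frame-Options", operation: "remove" },
      { header: "Content-Security-Policy", operation: "remove" } ] },
    condition: { urlFilter: "*", resourceTypes: ["main_frame", "sub_frame"] } },
  { id: 2, priority: 1, action: { type: "block" },
    condition: { urlFilter: "||ads.example.test^" } },
  { id: 3, priority: 1,
    action: { type: "modifyHeaders", responseHeaders: [
      { header: "content-security-policy", operation: "set", value: "default-src 'self'" } ] },
    condition: { requestDomains: ["app.example.test"] } },
];

console.log(auditRules(SAMPLE_RULES));
```

Run it over the parsed rule files of each installed version of an extension and compare the findings between versions: a "high" finding that first appears in an update is the kind of change worth reviewing after an ownership transfer.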
#chrome-extensions-security #malware-distribution #ownership-transfer-attacks #data-harvesting #browser-security
Read at The Hacker News