
"The research team found that each extension is further divided into different roles based on its function. Half of the extensions (54) abuse OAuth flows to target and steal Google account identities."
"The remaining extensions are used to carry out malicious behaviors such as exfiltrating Telegram Web sessions every 15 seconds and injecting content scripts into every page the user visits."
"While one of the extensions is used to inject attacker-controlled ads into YouTube, the research did not say if such would also affect YouTube Premium subscribers."
A hacking group has compromised the data of approximately 20,000 users by weaponizing 108 Chrome extensions that masquerade as legitimate utilities. These extensions report to a single command-and-control server and are currently available on the Chrome Web Store. Researchers found that half of the extensions target Google account identities, while others exfiltrate Telegram sessions, inject ads into YouTube and TikTok, and redirect web translation requests. Users are advised to exercise caution when installing Chrome extensions.
Read at TechRepublic