A warning has been raised for over 3.2 million Google Chrome users regarding 16 compromised browser extensions that hackers exploited for malicious purposes. The extensions affected include popular tools like Blipshot and various ad blockers, which have been implicated in advertising and SEO fraud. GitLab Threat Intelligence discovered these issues and noted that while affected extensions have been removed from the Web Store, users must manually delete them from their browsers to avoid potential security risks associated with the multistage attacks designed by the threat actors.
We identified a cluster of at least 16 malicious Chrome extensions used to inject code into browsers to facilitate advertising and search engine optimization fraud.
The extensions span diverse functionality including screen capture, ad blocking and emoji keyboards and impact at least 3.2 million users.
The threat actor uses a complex multistage attack to degrade the security of users' browsers and then inject content, traversing browser security boundaries.
While these extensions have been deleted from the Web Store, those who already have any of them downloaded will need to delete them manually.
Collection
[
|
...
]