108 Malicious Chrome Extensions Steal Google and Telegram Data, Affecting 20,000 Users
EXECUTIVE SUMMARY
Malicious Chrome Extensions Compromise Google and Telegram Data
Summary
The article reports on 108 malicious Google Chrome extensions found to steal user data and to inject ads and arbitrary JavaScript code into web pages. The campaign affects approximately 20,000 users and targets data from Google and Telegram.
Key Points
- A total of 108 Google Chrome extensions have been identified as malicious.
- These extensions communicate with a common command-and-control (C2) infrastructure.
- The primary goal is to collect user data and enable browser-level abuse.
- The extensions inject ads and arbitrary JavaScript code into every web page visited.
- Approximately 20,000 users have been affected by this campaign.
- The campaign specifically targets data from Google and Telegram.
Analysis
This discovery highlights the ongoing risks associated with browser extensions, which can serve as vectors for data theft and unauthorized code execution. The use of a shared C2 infrastructure suggests a coordinated effort to exploit user data across multiple platforms, emphasizing the need for vigilance in monitoring and managing browser extensions.
Conclusion
IT professionals should regularly audit browser extensions within their organizations, ensuring only trusted and necessary extensions are installed. Additionally, educating users about the risks of installing unverified extensions can help mitigate potential security breaches.
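One way to start such an audit is sketched below. It is an added example, not code from the article or from the researchers it cites. It walks a Chrome profile's `Extensions` directory and flags extensions that are off an organizational allowlist or that can run script on every page, the capability the campaign relied on. The function names, the allowlist, and the list of APIs treated as sensitive are assumptions, and the sample manifests are constructed.

```python
import json
from pathlib import Path

# Match patterns that give an extension access to every site the user visits.
BROAD_PATTERNS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# API permissions worth a reviewer's attention (assumed review list, adjust per policy).
SENSITIVE_APIS = {"scripting", "cookies", "webRequest", "tabs", "declarativeNetRequest"}


def audit_manifest(ext_id, manifest, allowlist):
    """Return a list of findings for one parsed manifest.json."""
    findings = []
    if ext_id not in allowlist:
        findings.append("not on allowlist")
    perms = {p for p in manifest.get("permissions", []) if isinstance(p, str)}
    hosts = set(manifest.get("host_permissions", [])) | perms  # MV2 keeps hosts in permissions
    if hosts & BROAD_PATTERNS:
        findings.append("host access to all sites")
    for cs in manifest.get("content_scripts", []):
        if set(cs.get("matches", [])) & BROAD_PATTERNS:
            findings.append("content script runs on every page")
            break
    apis = sorted(perms & SENSITIVE_APIS)
    if apis:
        findings.append("sensitive APIs: " + ", ".join(apis))
    return findings


def audit_profile(extensions_dir, allowlist):
    """Walk <profile>/Extensions/<id>/<version>/manifest.json and audit each one."""
    report = {}
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        ext_id = path.parent.parent.name
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            report[ext_id] = ["unreadable manifest"]
            continue
        findings = audit_manifest(ext_id, manifest, allowlist)
        if findings:
            report[ext_id] = findings
    return report


# Constructed sample manifests (not taken from the campaign).
SAMPLE_OK = {"manifest_version": 3, "name": "Notes", "permissions": ["storage"]}
SAMPLE_BROAD = {"manifest_version": 3, "name": "Helper", "permissions": ["scripting", "tabs"],
                "host_permissions": ["<all_urls>"],
                "content_scripts": [{"matches": ["*://*/*"], "js": ["inject.js"]}]}
```

A finding here is a prompt for review, not a verdict: many legitimate extensions request broad host access, so the allowlist is what separates approved from unapproved installs.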