Malicious AI, VPN, and Crypto Extensions in Chrome Web Store Steal Data
By Netvora Tech News
Researchers have discovered more than 100 malicious extensions in the Chrome Web Store that pose as legitimate extensions for VPN applications, AI agents, or cryptocurrency wallets but in reality steal sensitive data. According to DomainTools, this campaign has been ongoing since February 2024.
Deceptive Tactics Uncovered
To lure users to the malicious extensions, the attackers have created over 100 fake websites. Each fake website advertises the malicious extension, providing detailed information about its features and a link to download it from the Chrome Web Store. These extensions operate with dual functionality, offering the promised features while also requesting permissions to steal data.
Data Theft and Manipulation
Researchers found that the extensions can execute arbitrary code on any visited website, allowing them to steal login credentials and sessions. Additionally, they can inject ads on websites, redirect users to malicious sites, manipulate browser traffic, and perform phishing attacks. Some of the analyzed extensions were found to steal all browser cookies.
Google Removes Malicious Extensions, Warns Users
Google has removed several of the malicious extensions from the Chrome Web Store, but the attacker continues to upload new ones. DomainTools advises Chrome users to exercise caution when installing extensions, choose only verified developers, carefully review requested permissions, be alert for lookalike extensions, and remove unused or suspicious extensions.
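To make the "review requested permissions" advice concrete, the following added example (not code from DomainTools, Google, or the original article) checks a parsed extension manifest.json for the permission combinations that enable the behaviours described above: reading all cookies, running code on any visited site, and manipulating traffic. The function name and both sample manifests are constructed for illustration.

```python
import json

# Match patterns that grant access to every site.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# Chrome API permissions that allow observing or rewriting requests.
TRAFFIC_APIS = {"webRequest", "webRequestBlocking", "declarativeNetRequest", "proxy"}


def audit_manifest(manifest):
    """Return findings for one parsed manifest.json (Manifest V2 or V3)."""
    declared = set()
    for key in ("permissions", "optional_permissions",
                "host_permissions", "optional_host_permissions"):
        declared.update(p for p in manifest.get(key, []) if isinstance(p, str))
    # Content scripts get page access through their own "matches" lists.
    script_hosts = {m for cs in manifest.get("content_scripts", [])
                    for m in cs.get("matches", [])}
    all_sites = bool(declared & BROAD_HOSTS)
    # MV3 needs "scripting" to inject code; in MV2 host access alone is enough.
    can_inject = "scripting" in declared or manifest.get("manifest_version") == 2
    findings = []
    if all_sites and "cookies" in declared:
        findings.append("can read cookies for every site")
    if (all_sites and can_inject) or script_hosts & BROAD_HOSTS:
        findings.append("can run script on every visited page")
    if declared & TRAFFIC_APIS:
        findings.append("can observe or modify browser traffic")
    return findings


# Constructed sample manifests, not taken from any real extension.
SAMPLE_BROAD = json.loads("""{
  "manifest_version": 3, "name": "Example VPN helper",
  "permissions": ["cookies", "scripting", "declarativeNetRequest", "storage"],
  "host_permissions": ["<all_urls>"]
}""")
SAMPLE_NARROW = json.loads("""{
  "manifest_version": 3, "name": "Example notes",
  "permissions": ["storage"],
  "host_permissions": ["https://notes.example/*"]
}""")

if __name__ == "__main__":
    for m in (SAMPLE_BROAD, SAMPLE_NARROW):
        print(m["name"], "->", audit_manifest(m) or "no broad-access findings")
```

A finding is not proof of malice, since legitimate extensions also request broad access; it marks extensions whose permissions exceed what their advertised feature plausibly needs.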
Prevention is Key
"Vigilance is the key to avoiding such threats."