Google’s Chrome Web Store has been hit with malicious extensions that have tricked users into installing them, resulting in potential tracking and redirection issues. Researchers at Koi Security discovered almost a dozen malicious extensions, many of which had hundreds of positive reviews and were featured prominently on the store.
The extensions, which included color pickers, VPNs, volume boosters, and emoji keyboards, used a background service worker to capture user browsing activity and exfiltrate information to remote servers. While no malicious redirections have been observed, experts warn that users may be at risk if they installed these extensions.
Some of the affected extensions were removed after researchers alerted Google, while others remain available. Users are advised to check for the listed extensions in Chrome and remove them as soon as possible. The Koi Security team recommends clearing browsing data, checking for malware, and monitoring accounts for suspicious activity.
This is not an isolated incident, as 600,000 downloads of malicious extensions were also found in Microsoft Edge’s official store. The discovery highlights the need for users to remain vigilant when installing new extensions and to regularly check their browser settings for potential security threats.
Source: https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-17m-installs-found-on-web-store