
Approximately 100 extensions registered in the Google Chrome Web Store have backdoor installations, stealing user authentication information + account data.
It is reported to be doing so.
Kush Pandia, a security researcher at Socket, revealed in the analysis that all 108 stolen credentials, user identities,
and browsing data were routed to servers managed by the same operator.
Of these, 54 add-ons steal Google account identities through OAuth2, and 45 extensions have
a common backdoor that opens arbitrary URLs as soon as the browser starts,
and the remaining extensions reportedly perform various malicious activities.
Source: 108 Malicious Chrome Extensions Steal Google and Telegram Data, Affecting 20,000 Users
If you have any of the extensions below, remove them immediately (there are many game extensions)
Source: 108 Chrome Extensions Linked to Data Exfiltration and Sessio...

▶ Original source: https://thehackernews.com/2026/04/108-malicious-chrome-extensions-steal.html?utm_source=chatgpt.com
▶ Original source: https://socket.dev/blog/108-chrome-ext-linked-to-data-exfil-session-theft-shared-c2