Hackers have injected malicious code into dozens of popular Chrome browser extensions to steal the personal information of millions of users. You must delete them as soon as possible!
While they are extremely convenient, extensions are also a gateway for cybercriminals, since they need access to user data to function. But even if you’re careful and only download them from official stores, danger lurks, and it’s not uncommon to find corrupted extensions in the Chrome Web Store.
Recently, several IT security companies faced sophisticated attacks that aimed to compromise the Chrome browser extensions they had developed. According to investigations carried out by Cyberhaven, one of the targets of the cyberattack, no fewer than 36 extensions, with a total of around 2.6 million downloads, have been compromised, some for eighteen months. They had been updated with code that stole their sensitive data, including cookies, authentication data and banking information.
Chrome extension developers were victims of a large and particularly sophisticated phishing campaign, which had been in the works since March 2024. Victims received emails warning them of “an alleged violation of the Chrome extensions policy , specifically for a reason titled “Unnecessary details in the description”. Cybercriminals pretended to be Google and claimed that the extension was at risk of being removed due to an inadequate description.
The email then encouraged developers to correct the situation as quickly as possible by clicking on a link to the Chrome Web Store. This obviously redirected to a fraudulent page, where the victim was asked to grant hackers permission to manage Chrome Web Store extensions through their account, giving them the ability to download new versions of the Chrome extension on the Google store.
The affected extensions are as follows, listed in alphabetical order:
- AI Shop Buddy
- Bard AI chat
- Bookmark Favicon Changer
- Castorus
- ChatGPT App
- ChatGPT Assistant – Smart Search
- Cyberhaven security extension V3
- Earny – Up to 20% Cash Back
- Email Hunter
- GPT 4 Summary with OpenAI
- GraphQL Network Inspector
- Hi AI
- Internxt VPN
- Keyboard History Recorder
- Parrot Talks
- First (from PADO)
- Proxy SwitchyOmega (V3)
- Reader Mode
- Reader Mode
- Rewards Search Automator
- Search Copilot AI Assistant for Chrome
- Sort by Oldest
- Tackker – online keylogger tool
- TinaMind – The GPT-4o-powered AI Assistant!
- Voice
- VidHelper – Video Downloader
- Vidnoz Flex – Video recorder & Video share
- Visual Effects for Google Meet
- VPNCity
- Way of AI
- Web Mirror
- YesCaptcha assistant
If you have installed and used one or more of these extensions, we advise you to carefully change your passwords and other authentication information. And, of course, update them to install the security patch published by their developers.
