28 February 2025 , 08:24
385
0
Google Chrome is reportedly being targeted by criminals who inject malicious code into browser extensions, enabling them to steal user data and commit scams.
Millions of Google Chrome users have been warned about 16 browser extensions which have been compromised by hackers.
The approximate 3.2 million users should delete the browers now as cybersecurity experts have found hackers are scamming people with them. The criminals inject malicious codes into the extensions to steal user data and commit ’search engine fraud’ - the scam of driving clicks to hacker-controlled websites for ad revenue.
It means strangers could have access to your data. The Mirror has this morning contacted Google about the serious breach. It is understood, though, the list includes Blipshot, Emojis, Color Changer for YouTube, Video Effects for YouTube and Audio Enhancer, Themes for Chrome and YouTube Picture in Picture and Mike Adblock für Chrome, Super Dark Mode and Emoji Keyboard Emojis for Chrome.
Adblocker for Chrome, Adblock for You, Adblock for Chrome, Nimble Capture, KProxy and Page Refresh, Wistia Video Downloader are also deemed compromised.
Users who have downloaded any of these extensions will need to remove them manually. Chrome has, though, deleted the extensions from its Web Store, it is understood this morning.
The team from GitLab Threat Intelligence, which uncovered the scheme, said the best way to avoid a hijacked browser extension is to vet the programs you’re installing on your computer and read any reviews which warn about potential dangers.
This includes checking what "permissions" an extension is asking for, meaning which files or devices is the program looking to access with the user’s blessing.
Chrome itself doesn’t support extensions on Android phones, limiting the scope of the threat to those installing these programs on their computers.
Unlike typical apps and extensions built by hackers from scratch, these Chrome extensions were actually taken over by cyber criminals using phishing attacks on developers. In some instances, the creators of the extensions were tricked into transferring control of their inventions willingly.
Once the hackers had control, they were able to inject malicious updates into the extensions, meaning anyone who installed them had already opened the door to a future cyber attack. The Mirror has this morning contacted Google for comment.