108 Malicious Chrome Extensions Caught Stealing Google and Telegram User Data
Be careful which extensions you install in Chrome.
Security researchers have uncovered 108 malicious Google Chrome extensions designed to steal sensitive user data, including credentials and personal information linked to Google accounts and Telegram. The discovery has raised fresh concerns about the safety of browser extensions and the risks users face when installing third-party add-ons.
The rogue extensions were found to be harvesting a wide range of data, including cookies, authentication tokens, and private messages, potentially giving attackers unauthorized access to victims' accounts. In some cases, the stolen information could be used to take over accounts entirely or be sold on dark web marketplaces.
Researchers noted that many of the malicious extensions were disguised as legitimate productivity tools, ad blockers, and utility apps, making them difficult for the average user to identify as threats. Some had accumulated thousands of downloads before being flagged, suggesting a significant number of users may already be affected.
Google has been notified of the findings and has begun removing the identified extensions from the Chrome Web Store. However, users who have already installed any of the flagged extensions are urged to remove them immediately and change their passwords for any accounts that may have been compromised.
Cybersecurity experts are recommending that users review their installed extensions regularly and only download add-ons from verified developers with a strong track record. Checking user reviews, scrutinizing requested permissions, and keeping browsers updated are considered essential steps in protecting against this type of threat.
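One way to carry out the permission review recommended above is to read each installed extension's manifest.json and flag those that combine host access to the targeted services with session-reading APIs. This is an added example, not code from the researchers or from Google; the watch list, the sample manifests and the function names are constructed for illustration, and the directory layout assumed is Chrome's `<extension id>/<version>/manifest.json` under a profile's Extensions folder.

```python
import json
from pathlib import Path

# Constructed watch list: the services the article names as targets.
WATCHED_HOSTS = ("google.com", "telegram.org")
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# Real Chrome API permissions that let an extension read session data or page content.
SENSITIVE_APIS = {"cookies", "webRequest", "scripting", "tabs"}

def host_patterns(manifest):
    """Collect every URL match pattern, covering Manifest V2 and V3 layouts."""
    pats = []
    for key in ("permissions", "host_permissions", "optional_permissions",
                "optional_host_permissions"):
        pats += [p for p in manifest.get(key, [])
                 if isinstance(p, str) and (p in BROAD or "://" in p)]
    for script in manifest.get("content_scripts", []):
        pats += script.get("matches", [])
    return pats

def audit(manifest):
    """Return a list of findings; an empty list means nothing was flagged."""
    declared = set()
    for key in ("permissions", "optional_permissions"):
        declared |= {p for p in manifest.get(key, []) if isinstance(p, str)}
    apis = sorted(declared & SENSITIVE_APIS)
    pats = host_patterns(manifest)
    findings = []
    if any(p in BROAD for p in pats):
        findings.append("host access to every site")
    for host in WATCHED_HOSTS:
        if any(host in p for p in pats if p not in BROAD):
            findings.append(f"host access to {host}")
    if findings and apis:
        findings.append("sensitive APIs: " + ", ".join(apis))
    return findings

def audit_tree(extensions_dir):
    """Audit each <id>/<version>/manifest.json under a profile's Extensions folder."""
    report = {}
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        result = audit(json.loads(path.read_text(encoding="utf-8-sig")))
        if result:
            report[path.parent.parent.name] = result
    return report

# Constructed sample manifests (not taken from any real extension).
SAMPLE_BAD = {"manifest_version": 3, "name": "Tab Helper", "permissions": ["cookies", "storage"],
              "host_permissions": ["https://*.google.com/*", "https://web.telegram.org/*"]}
SAMPLE_OK = {"manifest_version": 3, "name": "Notes", "permissions": ["storage"]}
```

A finding marks an extension for closer review rather than proving it malicious, since many legitimate add-ons such as ad blockers request broad host access. On Linux, the default profile's folder to pass to `audit_tree` is `~/.config/google-chrome/Default/Extensions`.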
This incident is part of a broader pattern of malicious browser extensions targeting popular platforms. Security professionals warn that as browsers become central to both personal and professional life, they will continue to be prime targets for cybercriminals looking to exploit unsuspecting users.