
108 Malicious Chrome Extensions Steal Data From 20,000 Users
April 16, 2026
The Hacker News reported that security researchers identified 108 malicious Chrome extensions from five publishers that were distributing malware through the Chrome Web Store. The extensions presented themselves as productivity and gaming tools. Once installed, they used OAuth2 exploits and connections to command-and-control servers to exfiltrate Google account credentials, Telegram data, and browsing history from approximately 20,000 users. Google has since removed the extensions.
Browser extensions occupy a uniquely dangerous position in the security stack. They run with high-level browser permissions, have access to page content, cookies, and stored credentials, and are often installed without significant scrutiny. Most users install extensions based on a name and a star rating without reviewing the permissions requested or the publisher's history.
The five-publisher structure of this campaign suggests a deliberate attempt to spread risk and avoid triggering detection through any single account or pattern. That level of organization is consistent with professional cybercrime groups rather than opportunistic individual actors.
For developers, businesses, and IT teams in Nigeria and globally, the practical guidance is direct. Audit the Chrome extensions installed across your team's machines. Remove anything unused or unverified. Set organizational policies that restrict extension installation to approved lists for devices handling sensitive data. Browser hygiene is often treated as a low-priority task, but this campaign shows the damage from getting it wrong.
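One way to run the audit recommended above, added here as an example rather than taken from the report: it walks a Chrome profile's `Extensions` directory and lists every extension that is off an approved list or requests broad permissions. The `RISKY` set, the function names and the two sample manifests with made-up IDs are assumptions constructed for illustration.

```python
import json
import tempfile
from pathlib import Path

# Assumed review list: permissions that reach cookies, history or every page.
RISKY = {"cookies", "history", "tabs", "webRequest", "identity", "scripting", "<all_urls>"}

def audit_extensions(ext_dir, approved_ids):
    """Walk <profile>/Extensions/<id>/<version>/manifest.json and return one
    finding per extension that is unapproved or requests risky permissions."""
    findings = []
    for path in sorted(Path(ext_dir).glob("*/*/manifest.json")):
        ext_id, version = path.parts[-3], path.parts[-2]
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            manifest = None
        readable = isinstance(manifest, dict)
        requested = set()
        for key in ("permissions", "optional_permissions", "host_permissions"):
            values = manifest.get(key) if readable else None
            if isinstance(values, list):
                requested.update(p for p in values if isinstance(p, str))
        # Host patterns such as *://*/* or https://*/* cover every site.
        matched = sorted(p for p in requested if p in RISKY or p.endswith("://*/*"))
        risky = matched if readable else ["unreadable manifest"]
        approved = ext_id in approved_ids
        if risky or not approved:
            findings.append({"id": ext_id, "version": version, "approved": approved,
                             "name": manifest.get("name") if readable else None,
                             "risky": risky})
    return findings

def build_sample_profile(root):
    """Write two constructed manifests (made-up IDs) in Chrome's on-disk layout."""
    samples = {
        "a" * 32: {"name": "Approved Notes", "version": "1.0", "permissions": ["storage"]},
        "b" * 32: {"name": "Tab Game", "version": "2.1", "permissions": ["cookies", "history"],
                   "host_permissions": ["*://*/*"]},
    }
    for ext_id, manifest in samples.items():
        target = Path(root) / ext_id / (manifest["version"] + "_0")
        target.mkdir(parents=True)
        (target / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding in audit_extensions(build_sample_profile(tmp), {"a" * 32}):
            print(finding)
```

To audit a real machine, pass the profile's own `Extensions` folder (on Linux typically `~/.config/google-chrome/Default/Extensions`) and your organization's approved IDs instead of the sample profile.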
Every extension installed on a browser is a new surface that attackers evaluate before you do.
Source: The Hacker News