A silent threat is lurking within Google Chrome, potentially compromising the security of millions. Cybersecurity researchers have uncovered a network of 108 malicious extensions designed to steal your most sensitive data, operating under the guise of legitimate tools.
These aren’t isolated incidents; the extensions, published by five different developers, all funnel stolen information – login credentials, user IDs, and browsing data – to a single, central operator. While 20,000 installations seem small compared to Chrome’s billions of users, the coordinated nature of this scheme is deeply concerning.
The malicious extensions masquerade as a variety of useful tools. They include Telegram sidebar clients, enticing slot machine and Keno games, “enhancers” for popular platforms like YouTube and TikTok, general page utilities, and even a seemingly harmless text translation tool.
The danger lies beneath the surface. A Telegram client extension, for example, doesn’t just provide a chat interface – it silently steals your entire Telegram Web session every 15 seconds, exposing messages, contacts, and linked accounts. It’s a complete compromise of your online communication.
Fifty-four of these extensions exploit a clever trick: they steal your Google account identity when you click a “sign-in” option, leaking your email, name, and profile picture. While they don’t gain full account access, this stolen information can be used for targeted phishing attacks and identity theft.
The threat extends beyond account information. Forty-five extensions contain backdoors allowing the operator to open any URL in your browser, potentially leading to further malware infections. Seventy-eight can inject malicious HTML code, altering the web pages you visit.
Even seemingly innocuous platforms aren’t safe. Five extensions actively bypass security measures on YouTube and TikTok, injecting gambling ads and overlays onto the sites, disrupting your experience and potentially exposing you to further risks.
Immediate action is crucial. Check your Chrome browser for any of the identified malicious extensions. Popular examples include “Telegram Multi-account,” “Black Beard Slot Machine,” “Page Locker,” and “InterAlt.” A comprehensive list of extensions and their IDs is available for review.
If you used “Telegram Multi-account,” immediately log out of all Telegram Web sessions through the Telegram app’s settings. For any extension where you signed in with your Google account, assume your identity was compromised and review your third-party app permissions.
If you utilized the “Text Translation” tool, be aware that your name and email address were likely exposed. Moving forward, exercise extreme caution when installing new extensions. The Chrome Web Store isn’t foolproof, and malicious programs can slip through the cracks.
Before installing any extension, scrutinize the listing. Be wary of requests for sensitive information, a lack of reviews, or a poorly constructed presentation. A healthy dose of skepticism is your best defense against these hidden threats.
Protecting your digital life requires vigilance. This discovery underscores the importance of carefully evaluating every extension you add to your browser, safeguarding your data from those who seek to exploit it.