Malware Extensions in Chrome

For years, users have been cautious about installing unknown APK files, but browser extensions have not received the same level of scrutiny. Recent incidents have revealed that Chrome extensions are not always safe. Following last year’s Honey controversy, several popular extensions were removed earlier this year for being unsafe, including the widely used “Save Image as Type”.

A new report by supply chain security firm Socket has uncovered 108 malicious Chrome extensions with around 20,000 total downloads. These extensions appear as useful tools or entertainment apps, developed by different publishers. However, all of them secretly connect to a single command and control (C2) server, indicating a coordinated and professional cyber operation.

These extensions have been found to inject unwanted ads and collect user data, raising serious privacy and security concerns. Some of them are still available on the Chrome Web Store. Users are advised to immediately remove suspicious extensions through the browser settings to protect their personal information and avoid potential risks.