Last updated 1 month ago
A campaign involving 108 malicious Chrome extensions compromised user data by stealing browser sessions and Google account information, while also injecting advertisements. The extensions were controlled through a single command-and-control (C2) infrastructure, indicating a coordinated attack. The disclosure date is May 2026, though the discovery date is not specified.
The attack chain began with users installing seemingly legitimate Chrome extensions that contained malicious code. Once installed, the extensions communicated with the C2 server to exfiltrate session tokens and Google account data, and to inject unauthorized ads into web pages. The specific initial access vector (e.g., social engineering or compromised developer accounts) is not detailed, but the use of extensions as a delivery mechanism is confirmed. No specific threat actor or CVE references are provided.
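A defender-side triage sketch for the behaviour described above, added here as an example and not taken from the article or any vendor tooling: it flags installed extensions whose manifests grant the capabilities needed for session theft, Google account access, or page injection. The permission-to-behaviour mapping and the sample manifests are assumptions; the article lists no permissions or extension IDs, so this surfaces candidates for review rather than confirmed campaign members.

```python
import json
from pathlib import Path

# Assumed mapping from Chrome manifest permissions to the three behaviours in
# the summary; the article itself lists no permissions or extension IDs.
SESSION_PERMS = {"cookies", "webRequest"}
ACCOUNT_PERMS = {"identity", "identity.email"}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def host_patterns(manifest):
    """Host patterns from MV3 host_permissions plus MV2-style permissions."""
    perms = [p for p in manifest.get("permissions", []) if isinstance(p, str)]
    legacy = {p for p in perms if "://" in p or p == "<all_urls>"}
    return set(manifest.get("host_permissions", [])) | legacy


def audit_manifest(manifest):
    """Return the capabilities a manifest grants that match the campaign's behaviour."""
    perms = {p for p in manifest.get("permissions", []) if isinstance(p, str)}
    broad = bool(host_patterns(manifest) & BROAD_HOSTS)
    injects = any(set(cs.get("matches", [])) & BROAD_HOSTS
                  for cs in manifest.get("content_scripts", []))
    findings = []
    if broad and perms & SESSION_PERMS:
        findings.append("session-access")
    if perms & ACCOUNT_PERMS:
        findings.append("google-account-access")
    if injects or (broad and "scripting" in perms):
        findings.append("page-injection")
    return findings


def audit_profile(extensions_dir):
    """Audit <extensions_dir>/<id>/<version>/manifest.json; return {id: findings}."""
    report = {}
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        findings = audit_manifest(json.loads(path.read_text(encoding="utf-8-sig")))
        if findings:
            report[path.parent.parent.name] = findings
    return report


# Constructed sample manifests (not taken from the campaign).
SAMPLE_RISKY = {"manifest_version": 3, "name": "sample-a",
                "permissions": ["cookies", "identity", "storage"],
                "host_permissions": ["<all_urls>"],
                "content_scripts": [{"matches": ["<all_urls>"], "js": ["c.js"]}]}
SAMPLE_BENIGN = {"manifest_version": 3, "name": "sample-b",
                 "permissions": ["storage"],
                 "host_permissions": ["https://example.com/*"]}
```

Point `audit_profile` at a Chrome profile's `Extensions` directory to get a per-extension-ID report; many legitimate extensions hold these permissions, so treat the output as a review queue.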
No post-incident developments such as regulatory actions, litigation, or remediation milestones are mentioned in the article.
108 malicious Chrome extensions deployed via single C2 infrastructure to steal sessions, Google data, and inject ads