Security company Socket has uncovered an enormous campaign of 108 rogue Chrome extensions on the Chrome Web Store that stole data from Google accounts and impersonated the Telegram sessions of more than 20,000 users.
The extensions, published under five developer names such as Yana Project and GameGen, all linked to the same command-and-control infrastructure. Their methods included stealing OAuth2 tokens to obtain email, profile, and credential data, and 45 of them carried a universal backdoor that could open arbitrary URLs without restriction or inject ads or scripts into any webpage.
The extensions went unnoticed until recently because they were disguised as useful tools, games, and translators. Google has been informed, and a takedown request is in progress.
To protect their accounts, users are encouraged to review their installed extensions, delete any suspicious ones, revoke third-party access to their Google account, and log out of active Telegram sessions. Always stick to extensions that have been reviewed by reputable sites.
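One way to carry out the extension review described above is to read each installed extension's `manifest.json` and flag the capabilities the story mentions. This is an added example, not code from Socket or the original story; it assumes OAuth2 token access goes through Chrome's `identity` permission, and the sample manifests and extension IDs are constructed.

```python
import json
import tempfile
from pathlib import Path

# Match patterns that grant access to every site.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def audit_manifest(m):
    """Return findings for one parsed manifest.json (MV2 or MV3)."""
    findings = []
    perms = [p for p in m.get("permissions", []) + m.get("optional_permissions", [])
             if isinstance(p, str)]  # MV2 permission lists may also hold objects
    # Assumption: token access goes through the chrome.identity API ("identity").
    if "identity" in perms or "oauth2" in m:
        findings.append("identity")
    if (set(perms) | set(m.get("host_permissions", []))) & BROAD:
        findings.append("all-sites host access")
    if any(set(cs.get("matches", [])) & BROAD for cs in m.get("content_scripts", [])):
        findings.append("content script on every page")
    return findings

def audit_extensions(ext_root):
    """Scan <profile>/Extensions/<id>/<version>/manifest.json; map id -> findings."""
    report = {}
    for path in sorted(Path(ext_root).glob("*/*/manifest.json")):
        ext_id = path.parent.parent.name
        try:
            m = json.loads(path.read_text(encoding="utf-8-sig"))
            findings = audit_manifest(m) if isinstance(m, dict) else ["unreadable manifest"]
        except (OSError, ValueError):
            findings = ["unreadable manifest"]
        if findings:
            report[ext_id] = findings
    return report

def demo():
    """Run the audit over two constructed manifests (not real extensions)."""
    samples = {
        "constructed-game": {"manifest_version": 3, "permissions": ["identity", "storage"],
                             "host_permissions": ["<all_urls>"]},
        "constructed-notes": {"manifest_version": 3, "permissions": ["storage"]},
    }
    with tempfile.TemporaryDirectory() as root:
        for ext_id, manifest in samples.items():
            d = Path(root, ext_id, "1.0_0")
            d.mkdir(parents=True)
            (d / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
        return audit_extensions(root)

if __name__ == "__main__":
    print(demo())
```

Point `audit_extensions` at the `Extensions` directory of a Chrome profile to scan real installs. A finding marks an extension for closer review, since many legitimate extensions request the same permissions.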



