Cybersecurity firm Socket has uncovered 108 malicious Chrome extensions that have stolen Google and Telegram data from around 20,000 users. These extensions are all linked to the same command-and-control server. Despite being reported to Google, many of these extensions remain available in the Chrome Web Store. The extensions, disguised as games and utilities, also inject ads, open arbitrary URLs, and hijack accounts, posing ongoing risks to users’ privacy and security.
The malicious Chrome extensions were published under five different names—Yana Project, GameGen, SideGames, Rodeo Games, and InterAlt—but all shared the same backend infrastructure. This tactic likely aimed to evade detection while targeting a broad user base. The shared command-and-control server suggests a single operator or group orchestrating the campaign across multiple categories, from games to productivity tools.
According to Socket's report, all identified malicious extensions were reported to Google, but many remained available on the Chrome Web Store at the time of publication. This delay mirrors past incidents where malicious add-ons persisted despite detection, raising questions about the platform’s review and takedown processes. The situation leaves users exposed to ongoing risks, particularly those unaware their installed extensions are compromised.
If campaigns like this go unchecked, the incident could prompt stricter Chrome Web Store policies, enhanced automated scanning, or even user-level restrictions on extension permissions.