Security researchers have identified more than 100 malicious extensions lurking in Google's official Chrome Web Store, posing significant risks to millions of users worldwide. These dangerous add-ons are designed to intercept sensitive authentication credentials, establish unauthorized system access, and manipulate online advertising networks.
100+ Malicious Extensions Found in Chrome Web Store
The threat actors behind these extensions are specifically targeting Google OAuth2 Bearer tokens—authentication credentials that grant access to user accounts across multiple Google services and third-party applications relying on Google authentication. By stealing these tokens, attackers gain the ability to hijack accounts and access sensitive personal data without requiring passwords.
Credential Theft and Backdoor Access Capabilities
Beyond credential theft, the extensions deploy backdoor functionality that allows attackers to maintain persistent access to compromised systems. This capability enables them to execute arbitrary commands, install additional malware, and conduct surveillance activities on infected devices. The backdoor infrastructure represents a particularly dangerous threat vector, as it allows threat actors to adapt their attacks over time.
Ad Fraud Operations and Revenue Generation
The campaign also includes ad fraud operations, where compromised extensions inject unauthorized advertisements into web pages users visit. This scheme generates illicit revenue for the threat actors while degrading the user experience and potentially exposing victims to additional malicious content.
Gaps in Chrome Extension Review Security
The discovery highlights persistent vulnerabilities in Chrome's extension review processes, despite Google's efforts to strengthen security screening mechanisms. While the company does conduct automated and manual reviews of submissions to the Web Store, sophisticated threat actors continue finding ways to circumvent these protections through obfuscated code, staged payload delivery, and other evasion techniques.
How Users Can Protect Their Systems
Security experts recommend Chrome users immediately audit their installed extensions, removing any unfamiliar or suspicious add-ons. Users should prioritize installing extensions only from well-known, reputable developers and regularly review their active extensions in Chrome's extension management interface. Additionally, users should consider enabling Chrome's enhanced security features and keeping the browser updated to the latest version to receive ongoing security patches and protections against emerging threats.
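One way to script the audit recommended above (an added example, not from the article or the researchers behind the findings): it reads each installed extension's manifest.json from a Chrome profile directory and flags permissions that enable the kinds of behavior described here. The flag list, the function names and the sample manifest are assumptions of this example, not indicators from the research.

```python
import json
import sys
from pathlib import Path

# Assumption of this example: review prompts chosen here, not indicators from the research.
RISKY_PERMISSIONS = {
    "identity": "can request Google OAuth2 tokens via chrome.identity",
    "webRequest": "can observe the browser's network requests",
    "scripting": "can inject scripts into pages",
}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

# Constructed sample manifest (not a real extension).
SAMPLE_MANIFEST = {
    "name": "Example Tab Helper", "manifest_version": 3,
    "permissions": ["storage", "identity"],
    "content_scripts": [{"matches": ["<all_urls>"], "js": ["inject.js"]}],
}


def risk_flags(manifest):
    """Return the reasons a manifest deserves manual review."""
    perms = [p for key in ("permissions", "optional_permissions")
             for p in manifest.get(key, []) if isinstance(p, str)]
    flags = [f"{p}: {RISKY_PERMISSIONS[p]}" for p in perms if p in RISKY_PERMISSIONS]
    # Manifest V2 keeps host patterns in "permissions"; V3 uses "host_permissions".
    hosts = set(perms) | set(manifest.get("host_permissions", []))
    for script in manifest.get("content_scripts", []):
        hosts |= set(script.get("matches", []))
    if hosts & BROAD_HOSTS:
        flags.append("broad host access: can read and alter every page visited")
    return flags


def audit_profile(profile_dir):
    """Map extension ID -> (name, flags); layout is Extensions/<id>/<version>/manifest.json."""
    report = {}
    for path in sorted(Path(profile_dir).glob("Extensions/*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
            flags = risk_flags(manifest)
        except (OSError, ValueError, AttributeError, TypeError):
            manifest, flags = {}, ["manifest could not be parsed"]
        if flags:
            report[path.parts[-3]] = (manifest.get("name", "?"), flags)
    return report


if __name__ == "__main__":
    print(audit_profile(sys.argv[1]) if len(sys.argv) > 1 else risk_flags(SAMPLE_MANIFEST))
```

Pass the directory shown as "Profile Path" on chrome://version. A flag is a reason to look at an extension more closely, not proof that it is malicious, since many legitimate extensions request the same permissions.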