108 Malicious Chrome Extensions Steal Google and Telegram Data, Affecting 20,000 Users

📅 14 April 2026 at 08:35 UTC📰 The Hacker NewsView original source ↗

Cybersecurity researchers have discovered a new campaign in which a cluster of 108 Google Chrome extensions has been found to communicate with the same command-and-control (C2) infrastructure with the goal of collecting user data and enabling browser-level abuse by injecting ads and arbitrary JavaScript code into every web page visited. According to Socket, the extensions are published

🤖 AI BriefingAuto-generated threat analysis

🔍Threat Overview

A cluster of 108 malicious Google Chrome extensions has been discovered to collect user data and enable browser-level abuse, affecting approximately 20,000 users. The extensions communicate with a shared command-and-control infrastructure to inject ads and arbitrary JavaScript code into web pages.

⚙️Technical Details

Affected Systems

Google Chrome

Attack Vectors

Malicious Chrome ExtensionsCommand-and-Control (C2) Infrastructure

💥Impact Assessment

Severity: H

Who Is at Risk

Approximately 20,000 Google Chrome users

🛡️Recommended Actions

1['Users should immediately disable any suspicious extensions and update their Chrome browser to the latest version.', 'Users should enable two-factor authentication (2FA) for their Google accounts to prevent unauthorized access.', "System administrators should monitor their organization's Chrome usage and implement regular extension audits."]

📦Affected Products

Google Chrome

Read the full article

This is a curated summary. The complete article is available at The Hacker News.

Read on The Hacker News ↗

← Back to feed