Malicious Chrome Extensions Caught Stealing Business Data, Emails, and Browsing History

FOE The Hacker News February 13, 2026

Summary

A malicious Chrome extension called CL Suite has been discovered stealing data from Meta Business Suite and Facebook Business Manager users. The extension, marketed as a tool for scraping data and generating 2FA codes, actually exfiltrates business data, emails, and browsing history. Users are advised to remove the extension immediately.

IFF Assessment

FOE

The malicious extension steals sensitive business data, harming organizations' security posture.

Severity

8.8 High (AI Estimated)

Defender Context

This highlights the ongoing threat of malicious browser extensions, which can bypass traditional security measures. Defenders should educate users on the risks of installing unverified extensions and implement policies to restrict extension installations. Monitoring browser activity for suspicious data exfiltration is also critical.

Read Full Story →