100 Chrome Extensions Steal User Data, Create Backdoor

Summary

More than 100 Chrome extensions have been found stealing user data and creating backdoors into compromised systems. The malicious extensions appear to be part of a coordinated campaign that uses shared command-and-control infrastructure across multiple publishing accounts.

IFF Assessment

FOE

The discovery of numerous malicious extensions highlights a significant threat to user data and system security, as these extensions can compromise accounts and exfiltrate sensitive information.

Defender Context

Defenders should be aware of the prevalence of malicious browser extensions and educate users on the risks associated with installing extensions from untrusted sources. Regular auditing of installed extensions and vigilant monitoring for unusual network activity originating from browsers can help mitigate this threat.
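
One way to run the extension audit recommended above, as an added example that is not part of the original article: it walks a Chrome profile's Extensions directory and flags extensions that pair a sensitive API permission with all-site host access. The permission lists, function names and sample manifests are assumptions constructed for illustration.

```python
import json
import tempfile
from pathlib import Path

# Assumed review criteria (not from the article): sensitive APIs, all-site host patterns.
SENSITIVE_APIS = {"cookies", "webRequest", "scripting", "debugger", "proxy",
                  "nativeMessaging", "management", "history", "tabs"}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def audit_extensions(ext_root):
    """Check <ext_root>/<extension id>/<version>/manifest.json; return entries to review."""
    findings = []
    for path in sorted(Path(ext_root).glob("*/*/manifest.json")):
        ext_id, version = path.parts[-3], path.parts[-2]
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
            if not isinstance(manifest, dict):
                raise ValueError("manifest is not a JSON object")
        except (OSError, ValueError):  # unparseable manifest: review by hand
            findings.append({"id": ext_id, "version": version, "reason": "unreadable manifest"})
            continue
        requested = set()
        for key in ("permissions", "optional_permissions", "host_permissions"):
            requested.update(p for p in (manifest.get(key) or []) if isinstance(p, str))
        for script in manifest.get("content_scripts") or []:
            if isinstance(script, dict):  # content scripts carry their own host patterns
                requested.update(m for m in (script.get("matches") or []) if isinstance(m, str))
        apis, hosts = sorted(requested & SENSITIVE_APIS), sorted(requested & BROAD_HOSTS)
        if apis and hosts:  # sensitive API combined with access to every site
            findings.append({"id": ext_id, "version": version, "name": manifest.get("name"),
                             "reason": "broad access", "apis": apis, "hosts": hosts})
    return findings

def build_sample_profile(root):
    """Write constructed manifests (placeholder IDs, not real extensions)."""
    samples = {
        "placeholder-notes": '{"name": "Notes", "permissions": ["storage"]}',
        "placeholder-helper": '{"name": "Tab Helper", "permissions": ["cookies", "<all_urls>"]}',
        "placeholder-broken": "{not json",
    }
    for ext_id, text in samples.items():
        folder = Path(root) / ext_id / "1.0.0_0"
        folder.mkdir(parents=True)
        (folder / "manifest.json").write_text(text, encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_profile(tmp)
        print(*audit_extensions(tmp), sep="\n")
```

A hit means the extension needs review, not that it is malicious; many legitimate extensions request the same permissions.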
