惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

IT之家
IT之家
C
CXSECURITY Database RSS Feed - CXSecurity.com
V
Visual Studio Blog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
小众软件
小众软件
L
LangChain Blog
Cyberwarzone
Cyberwarzone
美团技术团队
The Register - Security
The Register - Security
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
T
Tor Project blog
V
V2EX
Security Archives - TechRepublic
Security Archives - TechRepublic
Hacker News: Ask HN
Hacker News: Ask HN
L
LINUX DO - 最新话题
Recent Announcements
Recent Announcements
H
Hackread – Cybersecurity News, Data Breaches, AI and More
酷 壳 – CoolShell
酷 壳 – CoolShell
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
aimingoo的专栏
aimingoo的专栏
人人都是产品经理
人人都是产品经理
F
Full Disclosure
V2EX - 技术
V2EX - 技术
The Cloudflare Blog
博客园 - 叶小钗
T
Threat Research - Cisco Blogs
阮一峰的网络日志
阮一峰的网络日志
G
GRAHAM CLULEY
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
Latest news
Latest news
S
Security @ Cisco Blogs
Spread Privacy
Spread Privacy
Project Zero
Project Zero
K
Kaspersky official blog
MyScale Blog
MyScale Blog
Attack and Defense Labs
Attack and Defense Labs
云风的 BLOG
云风的 BLOG
博客园 - 【当耐特】
Hacker News - Newest:
Hacker News - Newest: "LLM"
大猫的无限游戏
大猫的无限游戏
P
Privacy International News Feed
Google DeepMind News
Google DeepMind News
WordPress大学
WordPress大学
C
Cybersecurity and Infrastructure Security Agency CISA
Webroot Blog
Webroot Blog
罗磊的独立博客
Vercel News
Vercel News
N
News and Events Feed by Topic
A
Arctic Wolf
C
CERT Recently Published Vulnerability Notes

Consumer Insights

The ransomware negotiator who was working for the other side After years on the run, alleged Ryuk ransomware operator pleads guilty INTERPOL crackdown shows scammers shifting to social media Meta lets strangers remix your public Instagram photos with AI—here’s how to opt out Invited to a "job interview" with Netflix or OpenAI? Beware! Your Google password could be at risk Two arrested over credit card phishing - as the Netherlands is named Europe's worst for payment fraud India pauses WhatsApp username feature over security concerns Alleged teen ransomware hustler faces US charges after arrest in Finland WhatsApp usernames explained: how to reserve yours and stay safe Scammers race to cash in on Venezuelan earthquake disaster USB drives carrying China-linked malware infected Japanese military networks for nearly a year WhatsApp tests new safety prompt before you chat with strangers Social media is worth celebrating. It's also worth protecting. Polish police dismantle SIM-swap gang accused of crypto theft Operation Endgame deals fresh blow to StealC and Amadey malware networks Hacker hijacks Brazil's national alert system, sending "misanthropy" to millions of phones Cybercrime now rivals traditional crime across parts of Asia Apple's Hide My Email tweak leaves privacy fans fuming Americans lost $3.5 billion to imposter scams last year — and the scams are getting harder to spot Scammers have killed the physical Steam Gift cards Crypto investment scam sends couriers to collect victims' cash, FBI warns Maine forced to take down data breach portal after fake notices filed with authorities Privacy own-goal: World Cup blunder leaks Lionel Messi's passport details Why schools remain one of cybercriminals' favourite targets WhatsApp detects new spyware activity from Israel’s NSO Group despite court order Got a LinkedIn message from a recruiter? It might be Chinese intelligence, warn FBI and MI5 Europol cracks down on illegal streaming globally Hackers didn't hack Instagram; they just asked Meta AI FBI Warns Fans About FIFA Scams Ahead of 2026 World Cup Virtual knife, real lawsuit: Counter-Strike skin dispute ends in court As Deepfakes Spread, YouTube Makes AI Labels Harder to Miss Carnival breach exposes data of nearly 6 million people Police arrest man following hack of Ajax football club MyPillow listed on ransomware gang's leak site, but denies it has been breached FBI warns criminals impersonating IT support to breach law firms FBI warns of Kali365 phishing kit that breaks into Microsoft 365 accounts — no password required Telecom Executives Plead Guilty to Tech Support Fraud 7-Eleven data breach exposes data of 185,000 people ASIC Warns Australians About Crypto Trading Scams Google Search AI Mode brings a major overhaul Deleted Google API keys may remain active for 23 minutes Ukrainian police identify perp in $721k infostealer scheme Steam removes horror game after malware steals player data FBI: Crypto ATM Scams Keep Growing as Americans Lose Millions FBI warns students and staff that ShinyHunters may come knocking after Canvas breach Scam Centers Under Pressure as INTERPOL Makes More Arrests FBI Warns Older Adults Lost Billions to Scammers Burst Statistics WordPress flaw under attack Android 17 Will Let Users Verify Whether Their OS Is Legit Suspected Dream Market kingpin arrested after gold bars sent to his home address BitLocker zero-day exposes Windows drives as PoC goes public Apple Fixes ‘Persistent Notifications’ Flaw on Older iPhones Football Ticket Scams Are Rising Fast, Lloyds Bank Warns When ransomware gets physical: cybercriminals turn to threats of violence iPhone-to-Android Texts Are Now Encrypted (RCS Messaging) UK Water Supplier Fined Nearly £1 Million After Hackers Roamed Networks for Almost 2 Years Instagram Drops Encrypted DMs — What This Means for You New fear: Man films woman with smart glasses, seeks money to take video down ClickFix Campaign Uses Compromised WordPress Sites to Spread Vidar Stealer in Australia Inside Department 4: Russia's secret school for hackers Ubuntu’s new AI dreams attracted a very old-fashioned crypto scam on X Chrome 4GB AI model: What weights.bin does Sri Lanka makes 37 arrests as it raids another scam centre DAEMON Tools Lite breach prompts urgent update after malware-laced installer Brits Lost £102 Million to Romance Scams Last Year The Online Safety Act Is Changing the Internet for Kids World Password Day 2026 How Hackers Stole and Sold Roblox Accounts for $250,000 Before Getting Caught Four Years in Prison for Cybersecurity Pros Turned Ransomware Attackers Teenager alleged to be Scattered Spider hacker arrested in Finland, faces US extradition 276 Arrested in Crypto Scam Crackdown Popular WordPress redirect plugin found with years-old backdoor Iran-linked Handala hackers leak US Marines data, send chilling WhatsApp threats Alleged Silk Typhoon hacker extradited to the United States to face charges FTC: Social Media Scams Cost Americans $2.1 Billion in 2025 French police arrest 21-year-old "HexDex" hacker over 100 alleged data breaches iOS Flaw Exposed ‘Deleted’ Signal Messages Sony Starts Enforcing PlayStation Age Verification; UK and Ireland Are First Ransomware ‘Negotiator’ Faces 20 Years in Prison for Allegedly Betraying His Employers You’ve Got Mail and It’s Tracking Your Warship Crypto Investment Scam Costs Woman in Hong Kong Nearly $1 Million Operation PowerOFF warns 75,000 DDoS users Singer loses life savings to fake wallet downloaded from the Apple App Store AgingFly malware targets Ukraine government, hospitals Rockstar Games confirms breach after ShinyHunters leaks stolen analytics data FBI: Cybercrime Losses Hit $21 Billion in 2025, Fueled by AI Life imprisonment for Cambodian scam compound operators - but will it make a difference? Fake Claude Code leak on GitHub spreads Vidar malware Apple Expands ‘DarkSword’ Patch to More iPhones and iPads Nigerian romance scammer jailed after being caught out by fellow fraudster Fake WhatsApp Clone Used in Spyware Campaign, Meta Warns Fake CERT-UA emails spread AGEWHEEZE in ukraine Alleged RedLine malware developer extradited to United States The Scam That Tricks You Into Infecting Your Own Mac Iranian hackers breach FBI director's personal email, and post his CV and photos online Don't Ignore This Security Alert Apple Sent to iPhone Lock Screens Meta and YouTube Designed Addictive Platforms, Jury Finds TikTok Business phishing campaign targets advertisers Lapsus$ claims AstraZeneca breach exposes code and credentials How one man used 10,000 bots to steal $8,000,000 from music artists
108 malicious Chrome extensions caught stealing Google and Telegram data from 20,000 users
Graham CLULEY · 2026-04-15 · via Consumer Insights

What looked like harmless Chrome add-ons for Telegram, YouTube, TikTok, translation, or casual games were in fact part of a coordinated data-theft campaign affecting roughly 20,000 users. The case is another reminder that malicious browser extensions can quietly siphon credentials, hijack sessions, and tamper with web traffic even when they are downloaded from an official store.

Key Takeaways

  • Researchers identified 108 malicious Chrome extensions tied to a single command-and-control infrastructure, suggesting a coordinated operation rather than isolated abuse.
  • The extensions were disguised as useful or entertaining tools, including Telegram helpers, translation tools, slot games, and YouTube or TikTok enhancers, and had accumulated around 20,000 installs before discovery.
  • The campaign stole Google account data, exfiltrated Telegram Web sessions, opened arbitrary URLs at browser startup, and in some cases injected ads or stripped security protections from popular sites.
  • Users who installed any of the flagged extensions should remove them immediately, and anyone affected by a Telegram-themed add-on should also log out of all Telegram Web sessions to cut off possible hijacking.

Cybersecurity researchers have revealed that 108 malicious Google Chrome extensions have been quietly stealing user credentials, hijacking Telegram sessions, and injecting unwanted ads and scripts into browsers - all reporting back to the same central point.

The discovery by researchers at Socket, found that all 108 extensions were communicating with a single command-and-control server, strongly suggesting they are the work of one group of hackers.

Between them, before being identified, the extensions had racked up approximately 20,000 installs from the Chrome Web Store.

The malicious add-ons were published under five different publisher identities (Yana Project, GameGen, SideGames, Rodeo Games, and InterAlt) in an apparent attempt to avoid detection.

And to further disguise the reality of what was going on, each malicious Google Chrome extension adopted differing disguises - including posing as a Telegram sidebar client, slot machine games, tools to enhance YouTube and TikTok, or translation tools.

Behind the scenes, according to researchers, all 108 extensions were transferring stolen credentials, user identities, and browsing data to remote servers under the control of the hackers.

Specific malicious behaviours included:

  • 54 extensions that stole Google account details - including email addresses, full names, profile pictures, and Google account IDs
  • 45 extensions that contained a backdoor which could open arbitrary URLs upon browser startup
  • Privacy-busting extensions that exfiltrated Telegram Web sessions every 15 seconds, and in some cases even replacing the victim's active session with of the hackers' choosing
  • Extensions that stripped security headers from YouTube and TikTok, and injected gambling ads.

Although the identity of those behind the campaign remains unknown, it is perhaps telling that Russian-language comments were found in the source code of several of the add-ons.

If you're a regular reader of Hot for Security then you will know that browser extension security has been a significant problem over the years.

Back in 2018, for instance, the Mega.nz Chrome extension was compromised via a malicious update, leading to the scooping-up of login credentials and cryptocurrency private keys belonging to silently harvesting login credentials and cryptocurrency private keys from web surfers.

In 2020, researchers found 49 browser extensions targeting cryptocurrency wallets, which had been promoted via Google Ads and lauded with fake five-star reviews to appear trustworthy.

More recently, in 2023, a rogue "ChatGPT for Google" extension stole Facebook session cookies from over 9,000 users, and used them to spread malvertising.

And just this January, 16 more fake ChatGPT-themed extensions were found to be stealing authentication tokens.

Arguably the most alarming incident of all though occurred at Christmas in 2024, when a phishing email tricked a worker into granting a malicious app access to Cyberhaven's Chrome Web Store account. That allowed attackers to push a poisoned update to hundreds of thousands of users. That attack was believed to be part of a broader campaign that compromised over 35 extensions and affected an estimated 2.6 million people.

If you have installed any of the 108 extensions identified in this latest malicious campaign, your best course of action is to remove them immediately.

Furthermore, anyone who installed a dodgy Telegram-related extension should also log out of all Telegram Web sessions via the Telegram mobile app, as attackers may have already hijacked them.

More generally, don't you think it's high time you did a spring clean of your Chrome extensions? Do you actually use each one? Do the permissions they request seem proportionate for what they do? If in doubt, remove it.

After all, a lean browser with less extensions is inevitably a safer browser.