惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Google DeepMind News
Google DeepMind News
P
Proofpoint News Feed
S
Schneier on Security
D
Darknet – Hacking Tools, Hacker News & Cyber Security
T
The Exploit Database - CXSecurity.com
B
Blog RSS Feed
G
GRAHAM CLULEY
Microsoft Azure Blog
Microsoft Azure Blog
Know Your Adversary
Know Your Adversary
N
Netflix TechBlog - Medium
A
Arctic Wolf
W
WeLiveSecurity
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
T
The Blog of Author Tim Ferriss
AWS News Blog
AWS News Blog
Engineering at Meta
Engineering at Meta
T
Threatpost
博客园 - 叶小钗
G
Google Developers Blog
U
Unit 42
Latest news
Latest news
Cyberwarzone
Cyberwarzone
N
News and Events Feed by Topic
Simon Willison's Weblog
Simon Willison's Weblog
Hacker News: Ask HN
Hacker News: Ask HN
MongoDB | Blog
MongoDB | Blog
H
Hacker News: Front Page
F
Fortinet All Blogs
T
Tailwind CSS Blog
The Register - Security
The Register - Security
Apple Machine Learning Research
Apple Machine Learning Research
C
CXSECURITY Database RSS Feed - CXSecurity.com
H
Heimdal Security Blog
A
About on SuperTechFans
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
C
CERT Recently Published Vulnerability Notes
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
N
News and Events Feed by Topic
Application and Cybersecurity Blog
Application and Cybersecurity Blog
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
Schneier on Security
Schneier on Security
Y
Y Combinator Blog
V
Visual Studio Blog
GbyAI
GbyAI
Forbes - Security
Forbes - Security
www.infosecurity-magazine.com
www.infosecurity-magazine.com
N
News | PayPal Newsroom
P
Proofpoint News Feed
T
Threat Research - Cisco Blogs

Consumer Insights

The ransomware negotiator who was working for the other side After years on the run, alleged Ryuk ransomware operator pleads guilty INTERPOL crackdown shows scammers shifting to social media Meta lets strangers remix your public Instagram photos with AI—here’s how to opt out Invited to a "job interview" with Netflix or OpenAI? Beware! Your Google password could be at risk Two arrested over credit card phishing - as the Netherlands is named Europe's worst for payment fraud India pauses WhatsApp username feature over security concerns Alleged teen ransomware hustler faces US charges after arrest in Finland WhatsApp usernames explained: how to reserve yours and stay safe Scammers race to cash in on Venezuelan earthquake disaster USB drives carrying China-linked malware infected Japanese military networks for nearly a year WhatsApp tests new safety prompt before you chat with strangers Social media is worth celebrating. It's also worth protecting. Polish police dismantle SIM-swap gang accused of crypto theft Operation Endgame deals fresh blow to StealC and Amadey malware networks Hacker hijacks Brazil's national alert system, sending "misanthropy" to millions of phones Cybercrime now rivals traditional crime across parts of Asia Apple's Hide My Email tweak leaves privacy fans fuming Americans lost $3.5 billion to imposter scams last year — and the scams are getting harder to spot Scammers have killed the physical Steam Gift cards Crypto investment scam sends couriers to collect victims' cash, FBI warns Maine forced to take down data breach portal after fake notices filed with authorities Privacy own-goal: World Cup blunder leaks Lionel Messi's passport details Why schools remain one of cybercriminals' favourite targets WhatsApp detects new spyware activity from Israel’s NSO Group despite court order Got a LinkedIn message from a recruiter? It might be Chinese intelligence, warn FBI and MI5 Europol cracks down on illegal streaming globally Hackers didn't hack Instagram; they just asked Meta AI FBI Warns Fans About FIFA Scams Ahead of 2026 World Cup Virtual knife, real lawsuit: Counter-Strike skin dispute ends in court As Deepfakes Spread, YouTube Makes AI Labels Harder to Miss Carnival breach exposes data of nearly 6 million people Police arrest man following hack of Ajax football club MyPillow listed on ransomware gang's leak site, but denies it has been breached FBI warns criminals impersonating IT support to breach law firms FBI warns of Kali365 phishing kit that breaks into Microsoft 365 accounts — no password required Telecom Executives Plead Guilty to Tech Support Fraud 7-Eleven data breach exposes data of 185,000 people ASIC Warns Australians About Crypto Trading Scams Google Search AI Mode brings a major overhaul Deleted Google API keys may remain active for 23 minutes Ukrainian police identify perp in $721k infostealer scheme Steam removes horror game after malware steals player data FBI: Crypto ATM Scams Keep Growing as Americans Lose Millions FBI warns students and staff that ShinyHunters may come knocking after Canvas breach Scam Centers Under Pressure as INTERPOL Makes More Arrests FBI Warns Older Adults Lost Billions to Scammers Burst Statistics WordPress flaw under attack Android 17 Will Let Users Verify Whether Their OS Is Legit Suspected Dream Market kingpin arrested after gold bars sent to his home address BitLocker zero-day exposes Windows drives as PoC goes public Apple Fixes ‘Persistent Notifications’ Flaw on Older iPhones Football Ticket Scams Are Rising Fast, Lloyds Bank Warns When ransomware gets physical: cybercriminals turn to threats of violence iPhone-to-Android Texts Are Now Encrypted (RCS Messaging) UK Water Supplier Fined Nearly £1 Million After Hackers Roamed Networks for Almost 2 Years Instagram Drops Encrypted DMs — What This Means for You New fear: Man films woman with smart glasses, seeks money to take video down ClickFix Campaign Uses Compromised WordPress Sites to Spread Vidar Stealer in Australia Inside Department 4: Russia's secret school for hackers Ubuntu’s new AI dreams attracted a very old-fashioned crypto scam on X Chrome 4GB AI model: What weights.bin does Sri Lanka makes 37 arrests as it raids another scam centre DAEMON Tools Lite breach prompts urgent update after malware-laced installer Brits Lost £102 Million to Romance Scams Last Year The Online Safety Act Is Changing the Internet for Kids World Password Day 2026 How Hackers Stole and Sold Roblox Accounts for $250,000 Before Getting Caught Four Years in Prison for Cybersecurity Pros Turned Ransomware Attackers Teenager alleged to be Scattered Spider hacker arrested in Finland, faces US extradition 276 Arrested in Crypto Scam Crackdown Popular WordPress redirect plugin found with years-old backdoor Iran-linked Handala hackers leak US Marines data, send chilling WhatsApp threats Alleged Silk Typhoon hacker extradited to the United States to face charges FTC: Social Media Scams Cost Americans $2.1 Billion in 2025 French police arrest 21-year-old "HexDex" hacker over 100 alleged data breaches iOS Flaw Exposed ‘Deleted’ Signal Messages Sony Starts Enforcing PlayStation Age Verification; UK and Ireland Are First Ransomware ‘Negotiator’ Faces 20 Years in Prison for Allegedly Betraying His Employers You’ve Got Mail and It’s Tracking Your Warship Crypto Investment Scam Costs Woman in Hong Kong Nearly $1 Million Operation PowerOFF warns 75,000 DDoS users Singer loses life savings to fake wallet downloaded from the Apple App Store AgingFly malware targets Ukraine government, hospitals Rockstar Games confirms breach after ShinyHunters leaks stolen analytics data FBI: Cybercrime Losses Hit $21 Billion in 2025, Fueled by AI Life imprisonment for Cambodian scam compound operators - but will it make a difference? Fake Claude Code leak on GitHub spreads Vidar malware Apple Expands ‘DarkSword’ Patch to More iPhones and iPads Nigerian romance scammer jailed after being caught out by fellow fraudster Fake WhatsApp Clone Used in Spyware Campaign, Meta Warns Fake CERT-UA emails spread AGEWHEEZE in ukraine Alleged RedLine malware developer extradited to United States The Scam That Tricks You Into Infecting Your Own Mac Iranian hackers breach FBI director's personal email, and post his CV and photos online Don't Ignore This Security Alert Apple Sent to iPhone Lock Screens Meta and YouTube Designed Addictive Platforms, Jury Finds TikTok Business phishing campaign targets advertisers Lapsus$ claims AstraZeneca breach exposes code and credentials How one man used 10,000 bots to steal $8,000,000 from music artists
108 malicious Chrome extensions caught stealing Google and Telegram data from 20,000 users
Graham CLULEY · 2026-04-15 · via Consumer Insights

What looked like harmless Chrome add-ons for Telegram, YouTube, TikTok, translation, or casual games were in fact part of a coordinated data-theft campaign affecting roughly 20,000 users. The case is another reminder that malicious browser extensions can quietly siphon credentials, hijack sessions, and tamper with web traffic even when they are downloaded from an official store.

Key Takeaways

  • Researchers identified 108 malicious Chrome extensions tied to a single command-and-control infrastructure, suggesting a coordinated operation rather than isolated abuse.
  • The extensions were disguised as useful or entertaining tools, including Telegram helpers, translation tools, slot games, and YouTube or TikTok enhancers, and had accumulated around 20,000 installs before discovery.
  • The campaign stole Google account data, exfiltrated Telegram Web sessions, opened arbitrary URLs at browser startup, and in some cases injected ads or stripped security protections from popular sites.
  • Users who installed any of the flagged extensions should remove them immediately, and anyone affected by a Telegram-themed add-on should also log out of all Telegram Web sessions to cut off possible hijacking.

Cybersecurity researchers have revealed that 108 malicious Google Chrome extensions have been quietly stealing user credentials, hijacking Telegram sessions, and injecting unwanted ads and scripts into browsers - all reporting back to the same central point.

The discovery by researchers at Socket, found that all 108 extensions were communicating with a single command-and-control server, strongly suggesting they are the work of one group of hackers.

Between them, before being identified, the extensions had racked up approximately 20,000 installs from the Chrome Web Store.

The malicious add-ons were published under five different publisher identities (Yana Project, GameGen, SideGames, Rodeo Games, and InterAlt) in an apparent attempt to avoid detection.

And to further disguise the reality of what was going on, each malicious Google Chrome extension adopted differing disguises - including posing as a Telegram sidebar client, slot machine games, tools to enhance YouTube and TikTok, or translation tools.

Behind the scenes, according to researchers, all 108 extensions were transferring stolen credentials, user identities, and browsing data to remote servers under the control of the hackers.

Specific malicious behaviours included:

  • 54 extensions that stole Google account details - including email addresses, full names, profile pictures, and Google account IDs
  • 45 extensions that contained a backdoor which could open arbitrary URLs upon browser startup
  • Privacy-busting extensions that exfiltrated Telegram Web sessions every 15 seconds, and in some cases even replacing the victim's active session with of the hackers' choosing
  • Extensions that stripped security headers from YouTube and TikTok, and injected gambling ads.

Although the identity of those behind the campaign remains unknown, it is perhaps telling that Russian-language comments were found in the source code of several of the add-ons.

If you're a regular reader of Hot for Security then you will know that browser extension security has been a significant problem over the years.

Back in 2018, for instance, the Mega.nz Chrome extension was compromised via a malicious update, leading to the scooping-up of login credentials and cryptocurrency private keys belonging to silently harvesting login credentials and cryptocurrency private keys from web surfers.

In 2020, researchers found 49 browser extensions targeting cryptocurrency wallets, which had been promoted via Google Ads and lauded with fake five-star reviews to appear trustworthy.

More recently, in 2023, a rogue "ChatGPT for Google" extension stole Facebook session cookies from over 9,000 users, and used them to spread malvertising.

And just this January, 16 more fake ChatGPT-themed extensions were found to be stealing authentication tokens.

Arguably the most alarming incident of all though occurred at Christmas in 2024, when a phishing email tricked a worker into granting a malicious app access to Cyberhaven's Chrome Web Store account. That allowed attackers to push a poisoned update to hundreds of thousands of users. That attack was believed to be part of a broader campaign that compromised over 35 extensions and affected an estimated 2.6 million people.

If you have installed any of the 108 extensions identified in this latest malicious campaign, your best course of action is to remove them immediately.

Furthermore, anyone who installed a dodgy Telegram-related extension should also log out of all Telegram Web sessions via the Telegram mobile app, as attackers may have already hijacked them.

More generally, don't you think it's high time you did a spring clean of your Chrome extensions? Do you actually use each one? Do the permissions they request seem proportionate for what they do? If in doubt, remove it.

After all, a lean browser with less extensions is inevitably a safer browser.