Skip to content
SPECIAL

THREATS TO CRITICAL INFRASTRUCTURE IN IRAN CONFLICT

READ MORE

Data-stealing Chrome extensions impersonate Fortinet, YouTube, VPNs

(A Bielby)

By Bill Toulas

A Google Chrome Web Store campaign uses over 100 malicious browser extensions that mimic legitimate tools, such as VPNs, AI assistants, and crypto utilities, to steal browser cookies and execute remote scripts secretly.

The extensions offer some of the promised functionality, but also connect to the threat actor’s infrastructure to steal user information or receive commands to execute. Additionally, the malicious Chrome extensions can modify network traffic to deliver ads, perform redirections, or proxying.

The campaign was discovered by security researchers at DomainTools, who spotted over 100 fake domains promoting the tools to unsuspecting users, likely through malvertising.

Read more at Bleeping Computer

Click to listen highlighted text!