Data-stealing Chrome extensions impersonate Fortinet, YouTube, VPNs
A Google Chrome Web Store campaign uses over 100 malicious browser extensions that mimic legitimate tools, such as VPNs, AI assistants, and crypto utilities, to steal browser cookies and execute remote scripts secretly.
The extensions offer some of the promised functionality, but also connect to the threat actor’s infrastructure to steal user information or receive commands to execute. Additionally, the malicious Chrome extensions can modify network traffic to deliver ads, perform redirections, or proxying.
The campaign was discovered by security researchers at DomainTools, who spotted over 100 fake domains promoting the tools to unsuspecting users, likely through malvertising.
Read more at Bleeping Computer