Google Chrome users have once again become the target of a sophisticated cyberattack, this time through compromised browser extensions. At least 33 Chrome extensions have been backdoored, impacting approximately 2.6 million users worldwide. Attackers used deceptive phishing tactics to hijack developers’ credentials, inject malicious code into extensions, and exploit unsuspecting users.
In this blog, we break down the details of the attack, the affected extensions, and what you should do to protect yourself.
How the Attack Happened
Hackers launched a highly targeted phishing campaign aimed at Chrome extension developers. They sent emails pretending to be from the Chrome Web Store, warning developers about supposed policy violations in their extensions. These emails contained fraudulent links that redirected victims to phishing sites, where their credentials were stolen.
Once the attackers gained access to these accounts, they uploaded malicious versions of the affected extensions. Since Chrome automatically updates extensions in the background, users unknowingly received these compromised versions, leaving their data vulnerable.
What the Malware Does
The malicious code embedded in these extensions had one primary goal—stealing sensitive user data. The backdoor allowed hackers to:
✅ Steal login credentials for social media accounts and other platforms
✅ Extract session tokens and cookies to hijack user sessions
✅ Monitor browsing activity and inject additional malicious scripts
This means that if you had any of the affected extensions installed, your passwords, browsing behavior, and even financial information may have been exposed.
List of Affected Chrome Extensions
The compromised extensions span multiple categories, including VPN services, AI tools, video downloaders, and productivity aids.
Some of the most notable ones include:
- VPNCity
- Internxt VPN
- Bookmark Favicon Changer
- Castorus
- Wayin AI
- Search Copilot AI Assistant for Chrome
- VidHelper – Video Downloader
- AI Assistant – ChatGPT and Gemini for Chrome
- TinaMind – The GPT-4-powered AI Assistant!
- Bard AI Chat
- Reader Mode
- Proxy SwitchyOmega (V3)
- Cyberhaven Security Extension V3
If you have any of these extensions installed, you need to take action immediately.
How to Protect Yourself
1. Check Your Installed Extensions
Go to chrome://extensions/ in your Chrome browser and review all installed extensions. If you recognize any from the affected list, remove them immediately.
2. Change Your Passwords
If you’ve used any of the compromised extensions, change your passwords for all major online accounts, especially Google, Facebook, and banking sites. Enable multi-factor authentication (MFA) wherever possible.
3. Monitor Your Accounts for Suspicious Activity
Look for any unusual logins, unrecognized transactions, or changes in settings across your online accounts. If something seems off, report it to the respective service provider.
4. Stay Updated
Follow Google’s official security updates and be cautious when installing new Chrome extensions. Only download from reputable developers and always read user reviews before installing.
Why This Matters
This incident serves as a major wake-up call about the risks associated with browser extensions. Even extensions with millions of downloads and high ratings can become compromised if their developers’ accounts are hacked.
To stay safe:
✔️ Regularly audit your browser extensions
✔️ Be cautious of phishing emails pretending to be from Google or Chrome Web Store
✔️ Enable multi-factor authentication (MFA) for critical accounts
✔️ Use a password manager to secure your login credentials
Google has since removed the affected extensions from the Chrome Web Store, but the damage has already been done. Taking proactive steps now will ensure your online security is not compromised.
Final Thoughts
Cybercriminals are becoming more sophisticated, and browser extensions remain a high-risk attack vector. By staying informed and following best security practices, you can safeguard your personal data and prevent falling victim to such attacks.
Have you been affected by this Chrome extension hack? Share your experience in the comments below, and don’t forget to spread the word to help others stay protected. Stay safe online!
