Anyone who uses Chrome to surf the web must be on high alert and check they haven’t downloaded and rogue browser extensions.
There’s a worrying alert for those using Google’s popular Chrome web browser, and it’s not something anyone should ignore. It appears that a number of extensions have been released that come laced with malware, and it could give hackers the ability to spy on daily browsing sessions.
That means online crooks might be able to see exactly what Chrome users are looking at online, along with stealing highly personal data.
The rogue extensions were first spotted by the team at Koi Security, and they use a clever tactic to avoid detection. When first released and downloaded, they appear completely clean of any viruses. However, once users have installed the extensions, hackers then add the data-stealing spyware at a later date.
It’s a concerning issue, especially as it’s thought that over 2 million people are thought to be affected. A total of 18 Chrome extensions have been found to have the malware, with many getting top reviews and even appearing on Google’s own Chrome store.
They include emoji keyboards, weather services, YouTube extras and more.
Here’s the full list of affected extensions, with some also targeting the Chrome-powered Edge browser.
• Emoji keyboard online (Chrome)
• Free Weather Forecast (Chrome)
• Unlock Discord (Chrome)
• Dark Theme (Chrome)
• Volume Max (Chrome)
• Unblock TikTok (Chrome)
• Unlock YouTube VPN (Chrome)
• Geco colorpick (Chrome)
• Weather (Chrome)
• Unlock TikTok (Edge)
• Volume Booster (Edge)
• Web Sound Equalizer (Edge)
• Header Value (Edge)
• Flash Player (Edge)
• Youtube Unblocked (Edge)
• SearchGPT (Edge)
• Unlock Discord (Edge)
If you think you may have installed any of the extensions above, then you need to act now. In fact, the security team at Malwarebytes is urging those affected to clear their browsing data without delay.
“Clear all browsing data (history, cookies, cached files, site data) to remove any tracking identifiers or session tokens that may have been stolen or set by the malicious extension,” Malwarebytes explained.
Chrome users are also being advised to check for any suspicious activity on accounts and make sure they enable two-factor authentication.
Another top tip is to reset the browser.
“Reset your browser settings to default,” Malwarebytes explained.
“This can help undo any changes the extension may have made to your search engine, homepage, or other settings. Note: this will also undo any changes you have made manually. Alternatively, look for signs like unexpected redirects, changed search engines, or new toolbars.”
Google says that it has since removed all the affected extensions, so no new users should be infected.
