At least one Chrome user
April 14, 2026
•[ malicious extensions, credential theft, session hijacking ]
A coordinated campaign used 108 malicious Chrome extensions published under five developer identities to route stolen credentials, user identities, browsing data, Google account information, and Telegram Web session data to shared command-and-control infrastructure. The extensions collectively had about 20,000 Chrome Web Store installs and could inject ads or arbitrary JavaScript into visited pages and open arbitrary URLs through browser-level abuse.
