Even though we all know — or should by now — just how dangerous downloading a bad app on our phones can be, the same can’t be said for browser extensions. In fact, a new batch of malicious extensions with 20,000 combined downloads was just discovered.
As reported by The Hacker News, the supply chain security firm Socket found 108 malicious Chrome extensions posing as games, utilities, and other tools on the Chrome Web Store. While they might seem innocent at first, these extensions are actually designed to quietly steal your data in the background and inject ads into every site you visit online.
Here’s everything you need to know about this new campaign, along with how to keep your browser and your data safe from malicious extensions.
Delete these extensions right now
If you have any of these 108 Chrome extensions installed in your browser, you should delete them immediately. Here are the ones with the most installs; you can find the full list in Socket’s report on the matter:
- Web Client for TikTok – 2,000+ installs
- Web Client for Telegram – Teleside – 1,000+ installs
- YouSide – Youtube Sidebar – 1,000+ installs
- Web Client for Youtube – SideYou – 1,000+ installs
- Formula Rush Racing Game – 1,000+ installs
- Page Auto Refresh – 1,000+ installs
- Page Locker – 1,000+ installs
- Text Translation – 1,000+ installs
- Web Client for Rugby Rush – SideGame – 1,000+ installs
- Telegram Multi-account – 1,000+ installs
- Black Beard Slot Machine – 1,000+ installs
- Clear Cache Plus – 1,000+ installs
- Speed Test for Chrome – WiFi SpeedTest – 1,000+ installs
- Piggy Prizes – Slot Machine – 500+ installs
- Master Chess – 500+ installs
If you’ve installed any of these extensions in Chrome — or any other Chromium-based browser like Microsoft Edge — you need to remove them immediately.
To do so, click on the three-dot menu in the upper right corner of your browser, then Extensions and Manage Extensions. From there, you can search for and remove any of these malicious add-ons.
Sharing the same backend
According to Socket, these 108 malicious extensions cover a wide variety of categories, from add-ons for YouTube and TikTok to games and utilities. They all target different types of users but share the same command-and-control (C2) server on the backend.
If you did install one of these bad extensions, you’d have no idea something was wrong. On the surface, they all function as intended. However, behind the scenes, one hijacked victims’ Telegram accounts every 15 seconds, 45 added a universal backdoor to the browser, and 54 of them stole users’ Google “sub” IDs.
Of the 108 extensions, those last 54 are the most dangerous. While they also harvest your Gmail address, full name, and profile picture URL, the Google account identifier (or “sub” ID) is the most concerning. It is an identifier that Google assigns to your account, and it stays the same even if you change your password or email address.
With this identifier in hand, the cybercriminals now have a “master record” of who you are. If they catch you in a different scam years from now, they’ll know it’s the same person, allowing them to link your browsing activity across different platforms and build a permanent profile of your digital life.
How to stay safe from malicious extensions

Since malicious extensions still manage to slip through Google’s security checks and end up on the Chrome Web Store, you always need to be extra careful when downloading anything new.
As a general rule of thumb, it’s best to stick to well-known extensions from trusted brands, but I know you can’t always do that. Personally, I’ve found quite a few extensions from smaller developers that are incredibly useful. In those cases, I always check their ratings and reviews before installing them. However, I like to go a step further and check the Permissions tab. If a simple calculator or game asks for permission to “read and change all your data on all websites,” it’s an immediate dealbreaker.
I also recommend turning on Enhanced Safe Browsing in Chrome’s security settings. It provides real-time protection and will warn you if an extension you’re about to install isn’t on Google’s list of “trusted” developers.
Since even good extensions can go bad, you want to ensure that your Windows PC is protected with the best antivirus software. If you’re using an Apple computer, the best Mac antivirus software provides this same layer of extra protection. If a malicious extension does try to install malware on your system, antivirus software will detect and stop it before it can do any serious damage.
Given that browser extensions can be misused to commit fraud, you may also want to consider signing up for one of the best identity theft protection services. Not only can they help you regain your identity after it’s stolen, but they can help you recover any funds lost to fraud as well.
Tricking unsuspecting users into installing malicious extensions is one of the easiest ways hackers can establish a foothold in your browser. While you could stop using them altogether, there are a ton of great ones that can really improve your experience. For that reason, I recommend exercising caution when downloading new ones and performing a manual audit of your installed extensions every few months to remove anything you no longer use.
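The permission check and the periodic audit described above can be scripted. The Python below is an added example, not code from Socket or Tom’s Guide; it assumes Chrome’s on-disk layout of `Extensions/<extension id>/<version>/manifest.json`, and the sensitive-API list and the two sample manifests are constructed for illustration.

```python
import json
import tempfile
from pathlib import Path

# Host patterns behind Chrome's "read and change all your data on all websites" warning.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# API permissions that deserve a second look on a game or single-purpose utility (example's choice).
SENSITIVE_APIS = {"identity", "identity.email", "cookies", "webRequest", "scripting"}


def audit_manifest(manifest: dict) -> list[str]:
    """Return the reasons a manifest needs manual review (empty list: nothing flagged)."""
    perms = {p for p in manifest.get("permissions", []) if isinstance(p, str)}
    # Manifest V2 lists host patterns under "permissions"; V3 uses "host_permissions".
    hosts = perms | set(manifest.get("host_permissions", []))
    for script in manifest.get("content_scripts", []):
        hosts |= set(script.get("matches", []))
    findings = [f"all-sites access via {h}" for h in sorted(hosts & BROAD_HOSTS)]
    findings += [f"sensitive API: {p}" for p in sorted(perms & SENSITIVE_APIS)]
    return findings


def audit_profile(extensions_dir: Path) -> dict[str, list[str]]:
    """Audit every <extension id>/<version>/manifest.json under a profile's Extensions folder."""
    report = {}
    for path in sorted(extensions_dir.glob("*/*/manifest.json")):
        try:
            findings = audit_manifest(json.loads(path.read_text(encoding="utf-8-sig")))
        except (OSError, ValueError):  # unreadable file or invalid JSON
            findings = ["manifest unreadable"]
        if findings:
            report[path.parent.parent.name] = findings
    return report


def demo() -> dict[str, list[str]]:
    """Run the audit over two constructed manifests (not taken from any real extension)."""
    samples = {
        "constructedgameid": {"manifest_version": 3, "permissions": ["identity", "storage"],
                              "host_permissions": ["<all_urls>"]},
        "constructednotesid": {"manifest_version": 3, "permissions": ["storage"]},
    }
    with tempfile.TemporaryDirectory() as tmp:
        for ext_id, manifest in samples.items():
            folder = Path(tmp, ext_id, "1.0.0_0")
            folder.mkdir(parents=True)
            (folder / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
        return audit_profile(Path(tmp))
```

To audit a real browser, pass `audit_profile` the profile’s `Extensions` folder, for example `~/.config/google-chrome/Default/Extensions` on Linux, and look up each flagged ID on the Manage Extensions page.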

