Google Chrome Users Urged to Remove 16 Risky Extensions Due to Security Threat
Google Chrome users have been alerted to the presence of 16 harmful browser extensions that pose significant security risks and potential fraud, linked to a well-known cybercriminal group.
These compromised extensions, which provide features like screen capturing, ad blocking, and emoji keyboards, have reportedly affected approximately 3.2 million users, as revealed by GitLab Threat Intelligence, the first to expose the issue.
A major security alert has been issued to over three million Chrome users regarding these extensions, which cybercriminals have managed to infiltrate with malicious code.
Cybersecurity specialists strongly advise immediate removal of these extensions, as attackers have embedded harmful scripts designed to extract personal data and execute 'search engine fraud'—a deceptive practice that redirects clicks to hacker-operated websites to generate illicit ad revenue.
The malicious scripts embedded in the extensions manipulate browsers, enabling hackers to extract sensitive user data and conduct fraudulent activities related to ad revenue, according to Tom’s Guide.
Users initially installed these extensions for legitimate purposes, but they later became corrupted due to harmful updates injected by the attackers.
As reported by NotebookCheck, the breach was traced back to developer accounts that were compromised, leading to hackers gaining control and distributing harmful updates via official browser extension marketplaces.
The affected extensions include:
- Blipshot
- Emojis (Emoji Keyboard)
- Color Changer for YouTube
- Video Effects for YouTube and Audio Enhancer
- Themes for Chrome and YouTube Picture in Picture
- Mike Adblock für Chrome
- Super Dark Mode
- Emoji Keyboard Emojis for Chrome
- Adblocker for Chrome (NoAds)
- Adblock for You
- Adblock for Chrome
- Nimble Capture
- KProxy
- Page Refresh
- Wistia Video Downloader
- WAToolkit
Although Google has removed these problematic extensions from the Chrome Web Store, users who have them installed must manually delete them to avoid security risks.
Tom’s Guide also suggests running antivirus software after removal to check for potential malware infections.
Since Chrome does not support extensions on Android devices, this issue is limited to those who have installed these add-ons on desktop computers.
Unlike traditional malicious software created entirely by cybercriminals, these extensions were originally legitimate but were later hijacked through phishing schemes targeting the original developers.
In several instances, the original creators were deceived into voluntarily transferring control of their software to the hackers.
Once in control, cybercriminals deployed harmful updates, effectively turning the extensions into tools for future attacks against unsuspecting users.
NotebookCheck reported, 'All these changes remained unnoticed by users who had earlier granted permissions to these extensions, which allowed attackers to manipulate web activity in real-time.'
Experts at GitLab Threat Intelligence emphasized that all the compromised extensions shared a concerning characteristic: the permissions they requested from users.
Each of these hijacked Chrome extensions had access permissions enabling them to interact with any website visited by the victim, exacerbating the potential security risks.
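The all-site permission described above can be checked on your own machine. The following is an added example, not code from GitLab Threat Intelligence or the outlets cited: it reads each installed extension's `manifest.json` and reports those requesting access to every site. The `<extension id>/<version>/manifest.json` layout and the set of patterns treated as broad are assumptions of this sketch, and the sample manifests are constructed.

```python
import json
import tempfile
from pathlib import Path

# Match patterns that let an extension read and change every site visited.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def broad_host_access(manifest: dict) -> list:
    """Return the all-site match patterns this manifest requests."""
    requested = list(manifest.get("permissions", []))       # Manifest V2 lists hosts here
    requested += manifest.get("host_permissions", [])       # Manifest V3
    for script in manifest.get("content_scripts", []):
        requested += script.get("matches", [])
    return sorted({p for p in requested if isinstance(p, str)} & BROAD)

def audit_extensions(ext_root: Path) -> list:
    """Scan <ext_root>/<extension id>/<version>/manifest.json."""
    findings = []
    for path in sorted(ext_root.glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest
        if not isinstance(manifest, dict):
            continue
        broad = broad_host_access(manifest)
        if broad:
            # "name" may be a localisation placeholder such as __MSG_appName__.
            findings.append({"id": path.parts[-3], "version": path.parts[-2],
                             "name": manifest.get("name", "?"), "broad": broad})
    return findings

def build_sample_profile(root: Path) -> Path:
    """Write two constructed manifests (fake ids and names) for the demo."""
    samples = {
        "a" * 32: {"manifest_version": 3, "name": "Sample Screenshot Tool",
                   "permissions": ["storage"], "host_permissions": ["<all_urls>"]},
        "b" * 32: {"manifest_version": 3, "name": "Sample Notes",
                   "permissions": ["storage"],
                   "host_permissions": ["https://notes.example/*"]},
    }
    for ext_id, manifest in samples.items():
        version_dir = root / ext_id / "1.0.0_0"
        version_dir.mkdir(parents=True)
        (version_dir / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    return root

if __name__ == "__main__":
    # Replace with a real profile's Extensions directory to audit a machine.
    with tempfile.TemporaryDirectory() as tmp:
        for finding in audit_extensions(build_sample_profile(Path(tmp))):
            print(finding)
```

Broad access is common among legitimate ad blockers and screenshot tools too, so a hit marks an extension to compare against the list above rather than proof of compromise.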