Fake Chrome Extensions Identified Stealing User Data
TL;DR
Cybersecurity researchers have revealed that fake Chrome extensions have collected personal information from approximately 900,000 users. The scam involves the imitation of legitimate extensions promising artificial intelligence functionalities.
Fake Chrome Extensions Compromise User Data
Cybersecurity researchers have revealed that fake Chrome extensions have collected personal information from approximately 900,000 users. The scam involves the imitation of legitimate extensions that promise artificial intelligence functionalities.
These fraudulent extensions, once installed, access data from services like ChatGPT and DeepSeek, sending this information to a command and control (C2) server operated by the attackers.
Attackers' Strategy
The cybercriminals created versions that looked like popular extensions. According to a report from the digital security company Check Point, the intruders used social engineering techniques to trick users into installing these deceptive applications.
Once activated, the extensions can collect sensitive data, such as login credentials and personal information, compromising the security of online accounts. The installation of these tools can occur in just a few simple steps, increasing the risk for careless users.
Consequences for Users and Developers
The data theft can have significant repercussions, not only for the affected individuals but also for legitimate software developers. The loss of user trust can result in irreparable damage to the reputation of legitimate applications.
Check Point's security manager, Yisrael Shalom, stated: "The proliferation of fraudulent extensions highlights the urgent need for increased awareness and education among users."
The Future of Chrome Extensions
With the rise of cyber threats, the need for data protection becomes increasingly crucial. Experts suggest that users maintain strict control over the permissions granted to extensions and prioritize downloads from trusted sources.
Furthermore, it is imperative that platforms like Chrome enhance their security measures to prevent malicious extensions from being made available in their stores. The current scenario underscores the importance of a secure ecosystem to ensure the protection of personal information.
Content selected and edited with AI assistance. Original sources referenced above.
