
Data-stealing Chrome extensions impersonate Fortinet, YouTube, VPNs

NetmanageIT OpenCTI - opencti.netmanageit.com




SUMMARY:

A campaign targeting the Google Chrome Web Store has deployed over 100 malicious browser extensions masquerading as legitimate tools like VPNs, AI assistants, and crypto utilities. These extensions, while offering some promised functionality, secretly connect to threat actor infrastructure to steal user information and execute remote scripts. They can modify network traffic, deliver ads, perform redirections, and act as proxies. The campaign, discovered by DomainTools researchers, involves numerous fake domains promoting these tools. The extensions request permissions that enable cookie theft, DOM-based phishing, and dynamic script injection. Risks include account hijacking, data theft, and browsing activity monitoring. Some extensions remain on the Chrome Web Store despite Google's removal efforts.
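As a defender-side illustration of the permission point above, the following added example (not from the DomainTools research or the original page) audits an extension's `manifest.json` for permissions that can enable the capabilities the summary lists. The mapping from Chrome permission names to capabilities and the sample manifest are assumptions constructed for this example.

```python
import json

# Assumed mapping (not from the page): Chrome permission names that can enable
# the capabilities the summary attributes to the extensions.
RISKY_PERMISSIONS = {
    "cookies": "cookie theft",
    "scripting": "dynamic script injection",
    "webRequest": "network traffic monitoring",
    "declarativeNetRequest": "redirection and traffic modification",
    "proxy": "acting as a proxy",
    "tabs": "browsing activity monitoring",
}
# Match patterns that grant access to every site the user visits.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def audit_manifest(manifest_text):
    """Return sorted (item, capability) findings for one manifest.json."""
    manifest = json.loads(manifest_text)
    findings = set()
    declared = list(manifest.get("permissions", []))
    declared += manifest.get("optional_permissions", [])
    # MV3 lists host patterns separately; MV2 mixes them into "permissions".
    hosts = list(manifest.get("host_permissions", []))
    hosts += manifest.get("optional_host_permissions", [])
    for script in manifest.get("content_scripts", []):
        hosts += script.get("matches", [])
    for perm in declared:
        if not isinstance(perm, str):
            continue
        if perm in RISKY_PERMISSIONS:
            findings.add((perm, RISKY_PERMISSIONS[perm]))
        elif perm in BROAD_HOSTS:
            hosts.append(perm)
    for pattern in hosts:
        if pattern in BROAD_HOSTS:
            findings.add((pattern, "all-site access (DOM-based phishing)"))
    return sorted(findings)


# Constructed sample manifest for a hypothetical "VPN" extension.
SAMPLE_MANIFEST = """{
  "manifest_version": 3, "name": "Example VPN (constructed)", "version": "1.0",
  "permissions": ["cookies", "scripting", "storage", "proxy"],
  "host_permissions": ["<all_urls>"],
  "content_scripts": [{"matches": ["https://*/*"], "js": ["content.js"]}]
}"""

if __name__ == "__main__":
    for item, capability in audit_manifest(SAMPLE_MANIFEST):
        print(f"{item}: {capability}")
```

A finding is a prompt for review, not proof of malice: legitimate extensions also request these permissions, so compare what is requested against what the advertised feature plausibly needs.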

OPENCTI LABELS:

data theft, browser security, malicious domains, chrome extensions, google web store, remote script execution, cookie stealing, vpn impersonation


Open in the NetmanageIT OpenCTI public instance with the link below.

NOTE: Use the public read-only username and password shown on the login page banner.

