Important warning: Remove these add-ons right away because they contain malware
The extensions we install in Google Chrome to improve our browsing experience are being used to distribute malware, in a campaign that puts more than 3.2 million users at risk. Tom's Guide confirms that this massive attack does not rely on fake extensions but on genuine ones whose developers have been tricked or whose control has been sold to third parties.
The attackers used an effective strategy: contacting legitimate developers directly, either to manipulate them through phishing techniques or to negotiate a transfer of control. Once they had access, they inserted malicious code into routine add-on updates, apparently bypassing Google’s security filters.
The crucial point is that even though Google has already removed these extensions from its official store, they remain active in the browsers where they are installed. The malware continues to work in the background, changing web pages and injecting malicious code that can redirect users to fraudulent sites.
Although all the extensions listed below have been removed from the Google Chrome Web Store, you will still need to manually delete them if they are currently installed in your browser. These are their names:
Blipshot (one click full page screenshots)
Emojis: Emoji Keyboard
WAToolkit
Color Changer for YouTube
Video Effects for YouTube and Audio Enhancer
Themes for Chrome and YouTube™ Picture in Picture
Mike Adblock for Chrome | Chrome Ad Blocker
Page Refresh
Wistia Video Downloader
Super Dark Mode
Emoji Keyboard Emojis for Chrome
Adblocker for Chrome: NoAds
Adblock for You
Adblock for Chrome
Nimble Capture
KProxy
This case highlights a fundamental problem: extensions have access to our online activities, making them prime targets for cybercriminals. The situation is reminiscent of what happened with apps like LianSpy, which are capable of recording a mobile phone’s screen without the user’s consent.