Watch out for these Chrome extensions; they can take your information from Google and Telegram.
"The Hacker News" website published a report from the cybersecurity platform "Socket" that said there are 108 malicious extensions for the Google Chrome browser that steal data from Google and Telegram users and carry out data injection attacks.
Sukit says that these extensions, which are available under five different brand names—Yana Project, GameGen, SideGamet, Rodeo Games, and InterAlt—have been downloaded almost 20,000 times from the Google Chrome Web Store. They are available as extensions for Telegram, TikTok, and YouTube, as well as translation tools and slot games. Sukit's report specifically highlighted the danger of the Telegram extension, explaining that it extracts the token used by the app to authenticate sessions, sends it to a script running in the background, and then forwards it to a command and control server to steal Telegram login data every 15 seconds.
Furthermore, out of 108 extensions, 54 steal data from
"Spot injection" is an attack in which malicious actors create seemingly innocent inputs to manipulate machine learning models, because by exploiting a vulnerability, attacks can bypass security measures and change the expected behavior of the model.
Google accounts via OAuth2 protocol, while 45 add-ons contain a general security vulnerability that opens random URLs as soon as the browser is started.
The remaining malicious add-ons include infrastructure to bypass YouTube's security measures for ad injection, disable TikTok's security for ad insertion, inject scripts into every web page visited, redirect translation requests, and open random URLs when the browser is started.
According to Socket, anyone can view the full list of extensions identified in the report to check if they contain any harmful add-ons. If any are found, it is recommended to remove them immediately.
IBM explains on its official website that "the attack exploits vulnerabilities in the design of AI's natural language processing systems." In this way, "this vulnerability allows attackers to override the original programming instructions by injecting malicious commands into seemingly innocent queries."
As a result, point injection attacks pose a risk to data confidentiality, system integrity, and business continuity.