Chrome users beware: 100+ malicious extensions still active

Chrome browser users should exercise particular caution when installing extensions. Researchers from DomainTools identified over 100 malicious extensions that can compromise user data. Although Google has removed many of these extensions, some are still available in the Chrome Web Store.

Malicious extensions often impersonate well-known brands like Fortinet or YouTube. Fake websites with "Add to Chrome" buttons direct users to harmful tools, which increases their credibility. These extensions can modify network traffic, steal cookies, and execute JavaScript scripts.

Malicious extensions can function as proxy servers, allowing attackers to monitor users' browsing activities. They can also hijack accounts and steal personal data. This underscores the importance of thoroughly checking extensions before installation.

One example is the "fortivpn" extension, which steals cookies and modifies network traffic. Similar cases have been reported previously, emphasizing the need for caution when installing new tools in the browser.

BleepingComputer provides several examples of extensions that should not be installed. Some of them impersonate popular tools like Flightradar24, the DeepSeek AI, and YouTube:

              
• youtube-vision[.]com and youtube-vision[.]world
• deepseek-ai[.]link
• calendlydaily[.]world, calendlydocker[.]com, calendly-director[.]com
• whale-alerts[.]org and whale-alert[.]life
• madgicxads[.]world and madgicx-plus[.]com
• similar-net[.]com
• workfront-plus[.]com
• flight-radar[.]life

To minimize risk, users should install extensions only from reputable publishers and read reviews from other users. This can help detect potential threats and prevent security issues.