500 Google Chrome extensions found to be spreading malware

These extensions were already stealing from millions of Chrome users.


It was recently found that over 500 Google Chrome extensions were collecting user data and using it for malicious purposes.


The investigation was carried out by independent security researcher Jamila Kaya and Duo Security. They initially discovered 71 such extensions with 1.7 million installations, then went on to discover an additional 430 after privately notifying Google’s team.


All of these extensions used various techniques to hide their real purpose, which was advertising and exfiltrating user data. These included requesting permissions they did not need, such as access to the user’s clipboard and to cookies stored locally.
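As an added example (not code from the researchers or from Google), the following Python audit flags extensions whose manifest combines clipboard or cookie permissions with access to every site. The permission strings are Chrome's own manifest names; the set of "all-site" host patterns, the `Extensions/<id>/<version>/manifest.json` layout and the sample manifests are assumptions made for illustration.

```python
import json
from pathlib import Path

# Manifest strings for the access the article names (clipboard, cookies).
SENSITIVE = {"clipboardRead", "clipboardWrite", "cookies"}
# Assumption: host patterns treated here as "every site".
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def audit_manifest(manifest):
    """Report sensitive API permissions and all-site host access in one manifest."""
    requested = set()
    # MV2 mixes host patterns into "permissions"; MV3 uses "host_permissions".
    for key in ("permissions", "optional_permissions", "host_permissions"):
        requested.update(p for p in manifest.get(key, []) if isinstance(p, str))
    for script in manifest.get("content_scripts", []):
        requested.update(script.get("matches", []))
    sensitive = sorted(requested & SENSITIVE)
    broad = sorted(requested & BROAD_HOSTS)
    return {"name": manifest.get("name", "<unnamed>"),
            "sensitive": sensitive,
            "broad_hosts": broad,
            # Flag only the combination: sensitive API plus reach into all sites.
            "review": bool(sensitive and broad)}

def audit_dir(extensions_dir):
    """Audit every <id>/<version>/manifest.json under a profile's Extensions folder."""
    reports = []
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip, do not crash
        if not isinstance(manifest, dict):
            continue
        report = audit_manifest(manifest)
        report["id"] = path.parts[-3]
        reports.append(report)
    return reports

# Constructed sample manifests (not taken from any real extension).
SAMPLES = [
    {"name": "Sample Coupon Finder", "manifest_version": 2,
     "permissions": ["cookies", "clipboardRead", "tabs", "<all_urls>"]},
    {"name": "Sample Dark Theme", "manifest_version": 3,
     "permissions": ["storage"], "host_permissions": ["https://example.com/*"]},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(audit_manifest(sample))
```

A flagged extension is a candidate for review, not proof of abuse: some legitimate extensions need these permissions, so compare the result against what the extension claims to do.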



In this way, they were able to obtain critical information and send it back to themselves by connecting the user’s browser to their C2 server. Over this connection, the extensions would also receive further commands, updated lists of malicious ads and other domains to which the user should be redirected, along with the locations to which user data should continue to be uploaded.

Furthermore, users would also be redirected to different domains, which were sometimes legitimate but were often malicious ones where malware could be downloaded or users could be