We downloaded them 37 million times. They steal data and send it to fraudsters

Over 300 malicious Google Chrome extensions have been caught stealing user data and sending it to external servers. In total, they were downloaded over 37 million times.

Delete it from your browser

According to Q Continuum’s analysis, as many as 287 plug-ins sent browsing history or search results to external servers, often belonging to entities associated with data brokers or spyware distributors. Researchers identified links to 32 different entities. Some of the stolen data went directly to the infrastructure of well-known companies that monetize user data.

In addition, approximately 27.2 million users installed a total of 153 extensions for which a real browsing history leak was confirmed. As if that were not enough, dozens of plug-ins manipulated the content of the pages by injecting iframes and scripts.

15 extensions aimed at attacking Gmail turned out to be particularly dangerous. They extracted email content and sent it to external servers, potentially enabling espionage, phishing or account takeover. Other plug-ins collected data such as the user’s IP address, time zone, language used, hardware configuration and cookies, which makes it easier to hijack sessions and track online activity.

Interestingly, many of these extensions offered actually working features (e.g. AI tools, VPNs or SEO add-ons). However, they requested excessive privileges and, after installation, began communicating intensively with the attackers’ servers.

This just goes to show that even add-ons from the Chrome Web Store can be risky. It is also worth remembering that the extensions mentioned work on other Chromium browsers, including Opera and Edge. That’s why experts recommend reviewing your installed plugins from time to time and removing any that you no longer use. It is also a good idea to be especially careful with plug-ins that request access to all data on the websites you visit.

The malicious extensions included: