Cybersecurity researchers have uncovered a persistent malicious campaign involving browser extensions that masquerade as privacy tools to control and monitor user web traffic. Despite multiple removals, these extensions continue to reappear, gaining over 9 million installs and evolving to become more evasive and powerful. #LayerXSecurity #BrowserExtensions
Keypoints
- Malicious browser extensions disguised as free VPN and ad-blockers have been active for over six years.
- These extensions intercept, redirect, and exfiltrate user browsing data while disabling security tools.
- The latest variants are more stealthy, dynamically load remote scripts, and offer greater remote control.
- The campaign involves over 9 million installations, with new versions still available on Chrome Web Store.
- Victimsβ web traffic, browsing history, and extension data are targeted for comprehensive surveillance.