A cybersecurity campaign involves over 100 malicious Chrome extensions that impersonate legitimate tools like VPNs and AI assistants to steal user cookies and inject remote scripts. Despite Google removing many of these extensions, some still remain, posing ongoing risks of data theft, account hijacking, and network breaches. #Fortinet #chromeextensions
Keypoints
- Malicious Chrome extensions are used to steal cookies and execute remote scripts while mimicking trusted tools.
- The campaign features over 100 fake websites impersonating brands such as Fortinet, YouTube, and Calendly.
- Extensions request risky permissions to monitor browsing activity, modify network traffic, and perform DOM-based phishing.
- Some malicious extensions remain on the Chrome Web Store despite Google removing many after detection.
- The threat enables attackers to hijack accounts, steal personal information, and breach corporate networks through session cookies.