Massive Chrome extension campaign steals user data and Telegram sessions

Danny Weber

12:58 15-04-2026

Cybersecurity experts uncover 108 malicious Chrome extensions that secretly steal Google account info and Telegram sessions. Learn risks and removal tips.

Cybersecurity experts have uncovered a massive malicious campaign targeting Google Chrome. The operation involved 108 browser extensions that posed as helpful tools while secretly stealing user data, including Google account information and Telegram sessions.

According to the investigation, all the malicious extensions operated through a single command server and were distributed under five fake developer names. In total, they were installed by approximately 20,000 users. The extensions functioned by intercepting login credentials through Google OAuth, collecting profile information, and tracking browser activity without the device owner's knowledge.

Extensions targeting Telegram Web posed particular risks. Some sent session data to remote servers every 15 seconds, while others could completely hijack accounts by replacing the user's current session with the attacker's session.

Additionally, some extensions used Chrome's built-in capabilities to disable website security mechanisms and inject malicious content, including advertisements and gambling elements. Others intercepted translation data or opened suspicious pages when the browser launched.

Experts strongly recommend immediately removing suspicious extensions, particularly those from developers Yana Project, GameGen, SideGames, Rodeo Games, and InterAlt. They also advise terminating all active Telegram sessions through the mobile app.
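As a companion to the removal advice, the following added example (not from the article or the researchers) audits the `manifest.json` of installed extensions for capabilities that line up with the reported behaviour. The article names no permissions, so the permission-to-behaviour mapping, the Telegram Web probe URL and the sample manifests are assumptions of this sketch.

```python
import json
from fnmatch import fnmatchcase
from pathlib import Path

# Assumed mapping from the behaviours reported above to Chrome manifest
# permissions; the article itself names no permission.
RISKY = {
    "identity": "can request Google OAuth tokens",
    "cookies": "can read session cookies",
    "declarativeNetRequest": "can modify response headers, including security headers",
    "webRequest": "can observe browser traffic",
    "tabs": "can track open tabs and URLs",
    "history": "can read browsing history",
}
TELEGRAM_URL = "https://web.telegram.org/k/"  # assumed probe URL for Telegram Web

# Constructed sample manifests (not taken from the campaign).
SAMPLE_SUSPICIOUS = {
    "manifest_version": 3, "name": "Sample helper",
    "permissions": ["identity", "declarativeNetRequest", "storage"],
    "host_permissions": ["https://web.telegram.org/*"],
}
SAMPLE_BENIGN = {"manifest_version": 3, "name": "Sample notes", "permissions": ["storage"]}

def host_matches(pattern, url=TELEGRAM_URL):
    """Rough match-pattern check: does this host pattern cover Telegram Web?"""
    return pattern == "<all_urls>" or fnmatchcase(url, pattern)

def audit_manifest(manifest):
    """Return a sorted list of findings for one parsed manifest.json."""
    perms = manifest.get("permissions", []) + manifest.get("optional_permissions", [])
    perms = [p for p in perms if isinstance(p, str)]
    hosts = list(manifest.get("host_permissions", []))
    hosts += [p for p in perms if "://" in p or p == "<all_urls>"]  # MV2 style
    for script in manifest.get("content_scripts", []):
        hosts += script.get("matches", [])
    findings = [f"{p}: {RISKY[p]}" for p in perms if p in RISKY]
    if any(host_matches(h) for h in hosts):
        findings.append("host access covers Telegram Web")
    return sorted(set(findings))

def audit_profile(extensions_dir):
    """Audit every <id>/<version>/manifest.json under a Chrome Extensions dir."""
    report = {}
    for path in Path(extensions_dir).glob("*/*/manifest.json"):
        findings = audit_manifest(json.loads(path.read_text(encoding="utf-8-sig")))
        if findings:
            report[path.parent.parent.name] = findings
    return report
```

Point `audit_profile` at the `Extensions` directory of a Chrome profile; a finding is a prompt to review the extension, not proof that it is malicious.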