The attack started with phishing emails sent to extension developers. These emails contained links to fake pages imitating the official Chrome Web Store website.
Clicking on such links led to developer accounts being compromised. After gaining access, the attackers updated the extensions and added malicious code to them.
This code collected authentication data and cookies and sent them to servers controlled by hackers.
Affected extensions included Internxt VPN, VPNCity, Uvoice, and ParrotTalks, whose total user base exceeds 2.6 million.
The problem was discovered in December 2024; Developers promptly released updates to remove the malicious code.
Source: Ferra
I am a professional journalist and content creator with extensive experience writing for news websites. I currently work as an author at Gadget Onus, where I specialize in covering hot news topics. My written pieces have been published on some of the biggest media outlets around the world, including The Guardian and BBC News.
