Threats Tagged 'chrome extensions'

SearchJack represents a coordinated campaign comprising 23 deceptive Chrome browser extensions that silently hijack users' default search engines, redirecting queries through monetization middleware before delivering results. These extensions masquerade as various productivity tools, satellite imagery viewers, maps, and news readers while their actual purpose is generating search affiliate revenue. The campaign affects approximately 758,000 users across 22 unique publishers and leverages at least 8 distinct monetization brokers, primarily routing traffic through Yahoo Hosted Search affiliate programs. The extensions employ manifest-only wrappers using chrome_settings_overrides to hijack search settings, with some implementing runtime obfuscation to evade static analysis. Several extensions feature false privacy claims, anomalous review patterns, and anonymous publishers with fictional corporate identities, enabling operators to monetize user search behavior while maintaining zero accountability.

Multiple malicious Chrome extensions are exploiting the growing use of AI platforms by disguising themselves as legitimate productivity tools while secretly stealing user conversations and personal data. Extensions including Urban VPN, Smart Sidebar, and AI Assistant/Chat AI collectively reach millions of users but contain hidden scripts that intercept communications with popular AI platforms like ChatGPT, Claude, DeepSeek, Gemini, and others. These extensions inject malicious JavaScript that overrides network requests, monitors DOM elements for chat interactions, and exfiltrates sensitive data including conversation content, session identifiers, and timestamps to remote servers. The threat is particularly concerning as users frequently share confidential personal, medical, and corporate information with AI platforms, making intercepted conversations highly valuable for threat actors.