Malicious Chrome Extensions Caught Stealing Business Data, Emails, and Browsing History

Cybersecurity researchers have discovered a malicious Google Chrome extension, CL Suite, designed to steal data from Meta Business Suite and Facebook Business Manager. The extension, with 33 users, requests broad access to meta.com and facebook.com, transmitting TOTP seeds, 2FA codes, Business Manager data, and analytics to a backend controlled by the threat actor. Despite its low number of installs, the extension provides enough information to identify high-value targets and mount follow-on attacks. Additionally, 500,000 VKontakte users had their accounts hijacked through Chrome extensions masquerading as VK customization tools, and 260,000 users installed AI Chrome extensions that siphoned sensitive data. A report also found 287 Chrome extensions that exfiltrated browsing history to data brokers, with 37.4 million installations.