Two separate campaigns have been stealing credentials and browsing history for months.
No its not cause we all ditched chrome years ago, right?
TLDR: These Extensions were compromised::
Name ID Version Patch Available Users Start End VPNCity nnpnnpemnckcfdebeekibpiijlicmpom 2.0.1 FALSE 10,000 12/12/24 12/31/24 Parrot Talks kkodiihpgodmdankclfibbiphjkfdenh 1.16.2 TRUE 40,000 12/25/24 12/31/24 Uvoice oaikpkmjciadfpddlpjjdapglcihgdle 1.0.12 TRUE 40,000 12/26/24 12/31/24 Internxt VPN dpggmcodlahmljkhlmpgpdcffdaoccni 1.1.1 1.2.0 TRUE 10,000 12/25/24 12/29/24 Bookmark Favicon Changer acmfnomgphggonodopogfbmkneepfgnh 4.00 TRUE 40,000 12/25/24 12/31/24 Castorus mnhffkhmpnefgklngfmlndmkimimbphc 4.40 4.41 TRUE 50,000 12/26/24 12/27/24 Wayin AI cedgndijpacnfbdggppddacngjfdkaca 0.0.11 TRUE 40,000 12/19/24 12/31/24 Search Copilot AI Assistant for Chrome bbdnohkpnbkdkmnkddobeafboooinpla 1.0.1 TRUE 20,000 7/17/24 12/31/24 VidHelper - Video Downloader egmennebgadmncfjafcemlecimkepcle 2.2.7 TRUE 20,000 12/26/24 12/31/24 AI Assistant - ChatGPT and Gemini for Chrome bibjgkidgpfbblifamdlkdlhgihmfohh 0.1.3 FALSE 4,000 5/31/24 10/25/24 TinaMind - The GPT-4o-powered AI Assistant! befflofjcniongenjmbkgkoljhgliihe 2.13.0 2.14.0 TRUE 40,000 12/15/24 12/20/24 Bard AI chat pkgciiiancapdlpcbppfkmeaieppikkk 1.3.7 FALSE 100,000 9/5/24 10/22/24 Reader Mode llimhhconnjiflfimocjggfjdlmlhblm 1.5.7 FALSE 300,000 12/18/24 12/19/24 Primus (prev. PADO) oeiomhmbaapihbilkfkhmlajkeegnjhe 3.18.0 3.20.0 TRUE 40,000 12/18/24 12/25/24 Cyberhaven security extension V3 pajkjnmeojmbapicmbpliphjmcekeaac 24.10.4 24.10.5 TRUE 400,000 12/24/24 12/26/24 GraphQL Network Inspector ndlbedplllcgconngcnfmkadhokfaaln 2.22.6 2.22.7 TRUE 80,000 12/29/24 12/30/24 GPT 4 Summary with OpenAI epdjhgbipjpbbhoccdeipghoihibnfja 1.4 FALSE 10,000 5/31/24 9/29/24 Vidnoz Flex - Video recorder & Video share cplhlgabfijoiabgkigdafklbhhdkahj 1.0.161 FALSE 6,000 12/25/24 12/29/24 YesCaptcha assistant jiofmdifioeejeilfkpegipdjiopiekl 1.1.61 TRUE 200,000 12/29/24 12/31/24 Proxy SwitchyOmega (V3) hihblcmlaaademjlakdpicchbjnnnkbo
Edit: On a phone so I can’t easily format this table style like the article
I had Reader Mode installed but by the time I saw this posting, Chrome and Brave had already disabled it.
