Cyberattack on Google Chrome extensions affects 2.6 million users starting in December 2024

A recent investigation revealed that a cyberattack on Chrome extensions began earlier than previously thought, starting on December 5, 2024. At least 35 extensions, used by 2.6 million people, were affected, leading to 400,000 devices being infected. The attack originated from a phishing email targeting a developer, disguised as a Google notification. This allowed attackers to upload a malicious version of the extension, which bypassed Google’s security checks and spread through automatic updates. The attackers aimed to collect Facebook data from users. Domains linked to the attack were registered as early as March 2024, with new ones created in late 2024 before the incident.