Everyone understands just how much information browser extensions have access to, right? https://t.co/4Omcv6BOdS

— Troy Hunt (@troyhunt) February 14, 2020

Here you thought that Chrome was the safest best browser ever?

500 Chrome extensions secretly uploaded private data from millions of users. #ThanksGoogle /shttps://t.co/aKHlZEugKX

— Wolverine 2020 ? (@WolverineResist) February 14, 2020

Treat browser extensions with the same scrutiny (or more) that you would treat apps you install, they are just as dangerous and can be more dangerous with permissions you grant them (e.g. viewing web sites you visit and web site content)https://t.co/oCfQFDN2X6

— Brian Krupp (@briankrupp) February 14, 2020

500 Chrome extensions secretly uploaded private data from millions of users https://t.co/lDXoDN5Pfa

— Chris Heilmann (@codepo8) February 14, 2020

500 Chrome extensions secretly uploaded private data from millions of users | Ars Technica

Extensions were part of a long-running ad-fraud and malvertising network. https://t.co/Z55RPyG1ry

— PrivacyDigest (@PrivacyDigest) February 14, 2020

500 Chrome extensions secretly uploaded private data from millions of users | Ars Technica https://t.co/Rb8Exywj5s#Cybersecurity #cybercrime #cyberattacks #hacker #hack #breach #phishing #dos #ransomware #malware #virus #apt #pii #nist #fcc #finra #hipaa #pci pic.twitter.com/IFdcPtMSzZ

— Rich Tehrani at @ITEXPO, Feb 11-14, FL (@rtehrani) February 14, 2020

The Duo report is now live. It includes all the IOCs for the removed extensions.

If you run an enterprise network, make sure to remove these extensions from your Chrome fleethttps://t.co/E7wjLchvvI pic.twitter.com/5QtL8SLOe8

— Catalin Cimpanu (@campuscodi) February 13, 2020

Discoveries facilitated by our research? We ❤️to see it. Learn how Independent Security Researcher @bumblebreaches & CRXcavator creator/Duo Infosec Engineer @crxpert collaborated to uncover & remove a large-scale campaign of malvertising Chrome extensions: https://t.co/klqM4Hh7Lp pic.twitter.com/qibqb2aTla

— Duo Security (@duosec) February 13, 2020

Google removes 500+ malicious Chrome extensions from the Web Store

> Extensions redirected users to malicious sites (phishing, malware downloads), sometimes affiliate links
> Took two months to track down the entire network
> Operators active for 2 yearshttps://t.co/HSnTS6J7k8 pic.twitter.com/0JaAPbaIpF

— Catalin Cimpanu (@campuscodi) February 13, 2020

Google doesn't care about you - https://t.co/RfJzu92T6u

— Chris Brogan (@chrisbrogan) February 14, 2020

Awesome write-up by @bumblebreaches and @crxpert. They identified, analyzed, and collaborated with our team in taking down a big extensions malware campaign. (I do confess that section "07. A Brighter Future Ahead" is my favorite part of their report.) https://t.co/zXZqGqUYiH

— Justin Schuh ? (@justinschuh) February 13, 2020

Thanks for the collab @crxpert and @duo_labs! Check out some research we worked on to highlight a recent malicious architecture of chrome web store extensions and the rise of malvertising.https://t.co/zlN6VThekq

— BumbleBreaches (@bumblebreaches) February 13, 2020

#Google removes 500+ #malicious #Chrome #extensions from the #WebStore https://t.co/ltjHJhz3mw#dataprotection#databreach#cyberattack#malware pic.twitter.com/yw5WIbzyN5

— Shaun Wiggins (@shaunwiggins) February 14, 2020

The destination links ranged from affiliate links to malware download sites or phishing pages -> Google has removed 500+ malicious Chrome extensions from its Web Store, likely affecting millions of users, that were part of a long-running ad fraud network https://t.co/1gztYKXema pic.twitter.com/MiIIkC7pi4

— Glenn Gabe (@glenngabe) February 14, 2020

#Google removes 500+ malicious #Chrome #browser #extensions from its store.#data #dataprotection #datasecurity #CyberSecurity #fintech #cybersec #InfoSec #infosecurity#privacy #dataprivacy #hackers#Malware #cybercrime #cyberattack #webdev #chromebookhttps://t.co/ERBUMzUjZu pic.twitter.com/2tHIDOq5Tt

— H.P. (@DataDrivenHenry) February 14, 2020

구글이 크롬 웹 스토어에서 무단으로 광고를 주입하는 악성 확장프로그램 500개 이상을 퇴출시켰다고... https://t.co/570QrhKIHV

— H. Kim (@metavital) February 14, 2020

Google removes 500+ malicious Chrome extensions from the Web Store.

I’m sure all defrauded publishers were handsomely refunded. https://t.co/vgwZTpMaMR

— Carl Hendy (@carlhendy) February 14, 2020

Google removes 500+ malicious Chrome extensions from the Web Store https://t.co/4j5zVt9l5c

— The Cyber Security Hub (@TheCyberSecHub) February 13, 2020

Google removes 500+ malicious Chrome extensions from the Web Store. 

A network of malicious Chrome extensions was injecting malicious ads in millions of Chrome installs.

Check this out from @ZDNet to learn more. https://t.co/svZueDwRoc #tech #cybersecurity #itsecurity pic.twitter.com/3LOU7ofqgN

— Sentricor (@sentricor) February 13, 2020

Google removes 500+ malicious Chrome extensions from the Web Store https://t.co/pNs37qS5B3 by @campuscodi

— ZDNet (@ZDNet) February 13, 2020

We love browser extensions. But some of them don’t respect us in the morning: https://t.co/WldyY5peYp

— @Richi Jennings (@RiCHi) February 14, 2020

Watch Out!

500+ Chrome browser extensions caught stealing private data of over 1.7 million users

Read details ➤ https://t.co/6XvjkxmUnT#Google has now removed them from its official Web Store, but if you still have any of them installed, remove immediately.#cybersecurity

— Anonymous??️ ? (@YourAnonRiots) February 14, 2020

500 Chrome Extensions Caught Stealing Private Data of 1.7 Million Users
https://t.co/C45OyNkh3z #proprietarysoftware is very often malicious. Secrecy enables malice and mischief.

— Dr. Roy Schestowitz (罗伊) (@schestowitz) February 14, 2020

Watch Out! 500+ Chrome browser extensions caught stealing private data of over 1.7 million users

Read details ➤ https://t.co/3eLdralN6m#Google has now removed them from its official Web Store, but if you still have any of them installed, remove immediately.#cybersecurity

— Swati Khandelwal (@Swati_THN) February 14, 2020

500 Chrome Extensions Caught Stealing Private Data of 1.7 Million Users https://t.co/EgEYdlE0Nz #CyberSecurity pic.twitter.com/EOUh9d96Wk

— Angelo G Longo (@aglongo) February 14, 2020

Watch Out!

500+ Chrome browser extensions caught stealing private data of over 1.7 million users

Read details ➤ https://t.co/9GiIYPFs5e#Google has now removed them from its official Web Store, but if you still have any of them installed, remove immediately.#cybersecurity

— Mohit Kumar (@unix_root) February 14, 2020

500のChrome拡張機能が170万人のユーザーの個人データを盗むhttps://t.co/bUyRA7Qk2E
Googleは、悪意のある広告を挿入し、ユーザーの閲覧データを攻撃者の制御下にあるサーバーに吸い上げたことが判明したため、Webストアから500件の悪意のあるChrome拡張機能を削除しました。

— ITニュース新報 (@prad3ekt) February 14, 2020

500 Chrome Extensions Caught Stealing Private Data of 1.7 Million Users#Hackers #CyberWar #Cybercrime #DeepWeb #DarkWeb #Virus #BlackHat #WhiteHat #Pentester #Spam #Ransomware #SpyData #Scam #DDoS #BotHunter #Sniffer #zerodayhttps://t.co/iQtytqrYpp

— SpyData (@spydata_) February 14, 2020

500 Chrome #browser extensions out of #playstore - they secretly upload private browsing data to #C2 servers and redirecting #victims to infected #sites: https://t.co/EX4cB7Iy8B#CyberSecurity, #ITSecurity, #ITInfrastructure, #Leadership, #Google, #C2, #DataPrivacy, #Awareness

— Dulen K (@dulenkp) February 15, 2020

500 Chrome extensions secretly uploaded private data from millions of users https://t.co/h5hE8PVF4h pic.twitter.com/XHSrteSfZq

— #AI (@AI__TECH) February 14, 2020

500 Chrome extensions secretly uploaded private data from millions of usershttps://t.co/qIOb6y2qqm

— WhatIsMyIPAddress.com (@wimia) February 15, 2020

500 Chrome extensions secretly uploaded private data from millions of usershttps://t.co/sa0qq4aaPD

— Livid ??‍♀️ (@Livid2point0) February 15, 2020

Google removed 500 malicious Chrome extensions from its Web Store after they found to inject malicious ads and siphon off user browsing data to servers under the control of attackers. The extensions were a part of a malvertising and ad-fraud campaign.https://t.co/QpR9lMz22g

— Norton (@Norton) February 14, 2020

500 Chrome extensions secretly uploaded private data from millions of users ? Extensions were part of a long-running ad-fraud and malvertising network. Ars Technica https://t.co/OevgvTWIfm

— ReconSecureComputing (@SecRecon) February 14, 2020

구글 크롬 웹스토어에서 500개 이상의 악성 크롬 확장 프로그램 제거, 악성 광고 삽입, 제휴 링크로 변경, 피싱 등

Security researchers partner with Chrome to take down browser extension fraud network affecting millions of users. | Duo Security https://t.co/eUpePV5mo2

— lunamoth (@lunamoth) February 14, 2020

?CRXCavator - Google #Chrome Extensions Checker:
?[TOOL]: https://t.co/Gc8QdQzdHY by @duosec, @crxpert, @Bumblebreaches ?
?[BLOG]: https://t.co/WbVuWP1glW #blueteam #threathunting #ThreatIntel #crx pic.twitter.com/ah4fuBqBzD

— Ring3API (@rimpq) February 14, 2020

Security researchers just found a huge cache of malicious Chrome extensions, infecting millions of browsers. So Google swiped left on all of them: https://t.co/WldyY5peYp

— @Richi Jennings (@RiCHi) February 14, 2020

Roses are red, violets are blue. In today’s #SBBlogwatch at @SecurityBlvd, we’re concerned about you: https://t.co/WldyY5peYp

— @Richi Jennings (@RiCHi) February 14, 2020

500 Chrome Extensions Caught Stealing Private Data of 1.7 Million Users https://t.co/PKRCAzs6LL via @TheHackersNews #cybersecurity #Cybersecurite #infosec #datasecurity #browser #computersecurity #informationsecurity #googlechrome #Chrome #hacking #app

— Htop Skills (@HtopSkills) February 14, 2020

500 Chrome Extensions Caught Stealing Private Data of 1.7 Million Users #hacking https://t.co/NM1WmldUQI

— Claudia Martín (@CLAVDIAmartin) February 14, 2020

Google removed 500 malicious Chrome extensions from its Web Store after they found to inject malicious ads and siphon off user browsing data to servers under the control of attackers. Read on: https://t.co/F70N4Yv0lt via @thehackernews #security #infosec #cybersecurity #chrome pic.twitter.com/ts4KA0KyzA

— BlackHOST (@_blackhost) February 15, 2020

500 Malicious Chrome Extensions Impact Millions of Users#cybersecurity #informationtechnology #networksecurity #informationsecurity #hacking #securitynews #chrome #vaultinfosec #wevowyoursecurity #malware #vulnerability #websecurity #cyberattacks #threatshttps://t.co/fqGD8aSeGt

— Vault Infosec (@vaultinfosec) February 15, 2020

500 Chrome Extensions Caught Stealing Private Data of 1.7 Million Users https://t.co/2tWW322g5R

— Harjit Dhaliwal [MVP] (@Hoorge) February 15, 2020

500 Chrome Extensions Caught Stealing Private Data of 1.7 Million Usershttps://t.co/3T6AF1ztfg#hackers #cybersec #cyberattack #infosec #data #breach #cybercrime #cyberrisk #privacy #GDPR #dataprotection #hacking #malware #programming #pentest e #Chrome pic.twitter.com/bytswwq1vx

— Bob Nicolson (@NicolsonBray) February 14, 2020

500 Chrome Extensions Caught Stealing Private Data of 1.7 Million Users https://t.co/lLuKawCoPK #hackers #Malware #cybersecurity #privacy #databreach

— Tanya_CyberInvestiga8 (@CyberInvestiga8) February 14, 2020