
Google and Microsoft Trusted Them. 2.3 Million Users Installed Them. They Were Malware.

· Published 10/07/2025 18:29 · Modified 13/07/2025 12:07


Essential information

Tags
2025-07-10, browser extension, chrome, edge, reddirection, supply chain attack, trust exploitation, verification bypass
Related entities
7 observables, 1 intrusion set (APT), 3 techniques (MITRE ATT&CK)

Description

A coordinated campaign of 18 malicious browser extensions infected 2.3 million users across Google Chrome and Microsoft Edge. These extensions, among them a color picker tool, appeared legitimate: they carried verified badges and high install counts. The campaign implemented browser hijacking, capturing users' browsing data and potentially redirecting them to malicious sites. The malicious code was introduced through version updates to previously clean extensions, so the browsers' auto-update mechanism delivered it to existing users without any further action on their part. The campaign demonstrates systemic failures in marketplace security, verification processes, and trust signals, turning productivity tools into surveillance malware. Users are advised to remove affected extensions and to monitor their accounts for suspicious activity.
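Because the malicious behaviour arrived in an update to an extension that was clean when installed, a defender's useful check is not "is this extension on a blocklist" but "did an installed extension gain navigation-capture permissions or a non-store update channel between versions". The script below is an added example for this page, not code from the original report or from any of the extensions it covers. It audits Chromium-style extension manifests (the `id/version/manifest.json` layout Chrome and Edge use), flags permissions that allow observing or redirecting navigation, and diffs two versions of the same extension. The sample manifests, the extension IDs and the Linux profile paths are constructed for the illustration; the two store update URLs are the default Chrome Web Store and Edge Add-ons endpoints.

```python
"""Audit Chrome/Edge extension manifests for browsing-capture capability
and for permission growth across an auto-update.

Added illustration, not code from the original report. Sample manifests,
extension IDs and profile paths below are constructed for this example.
"""
import json
from pathlib import Path

# Permissions that let an extension observe, intercept or redirect navigation.
HIJACK_PERMISSIONS = {
    "tabs", "webNavigation", "webRequest", "webRequestBlocking",
    "declarativeNetRequest", "history", "scripting",
}
# Host patterns that grant access to every site the user visits.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

# Default store update endpoints. Any other update_url means the developer,
# not the store, controls what the browser's auto-updater fetches.
STORE_UPDATE_URLS = {
    "https://clients2.google.com/service/update2/crx",
    "https://edge.microsoft.com/extensionwebstorebase/v1/crx",
}

# Constructed Linux profile paths (assumption; adjust for Windows/macOS).
PROFILE_ROOTS = {
    "chrome": Path.home() / ".config/google-chrome/Default/Extensions",
    "edge": Path.home() / ".config/microsoft-edge/Default/Extensions",
}


def audit_manifest(manifest):
    """Summarise one manifest.json (MV2 or MV3) into a permission set
    and a list of human-readable risk flags."""
    perms = set(manifest.get("permissions", []))
    # MV3 keeps host patterns in host_permissions; MV2 mixed them into permissions.
    hosts = set(manifest.get("host_permissions", []))
    hosts |= {p for p in perms if "://" in p or p == "<all_urls>"}
    flags = []
    hijack = perms & HIJACK_PERMISSIONS
    if hijack:
        flags.append("navigation-capable: " + ", ".join(sorted(hijack)))
    if hosts & BROAD_HOSTS:
        flags.append("broad host access")
    update_url = manifest.get("update_url")
    if update_url and update_url not in STORE_UPDATE_URLS:
        flags.append("non-store update_url: " + update_url)
    return {
        "name": manifest.get("name"),
        "version": manifest.get("version"),
        "permissions": sorted(perms | hosts),
        "flags": flags,
    }


def diff_versions(old, new):
    """Compare audits of two versions of the same extension. An update that
    adds permissions is exactly the pattern the campaign above relied on."""
    added = sorted(set(new["permissions"]) - set(old["permissions"]))
    return {
        "version": (old["version"], new["version"]),
        "added_permissions": added,
        "escalated": bool(added) and old["version"] != new["version"],
    }


def walk_profile(root):
    """Yield (extension_id, audit) for every installed version under an
    Extensions directory laid out as <id>/<version>/manifest.json."""
    root = Path(root)
    if not root.is_dir():
        return
    for ext_dir in sorted(p for p in root.iterdir() if p.is_dir()):
        for manifest_path in sorted(ext_dir.glob("*/manifest.json")):
            with open(manifest_path, encoding="utf-8") as fh:
                yield ext_dir.name, audit_manifest(json.load(fh))


# Constructed sample: a color picker that was clean at 1.0 and turned into a
# navigation hijacker at 1.1 via the store's auto-update.
SAMPLE_CLEAN = {
    "manifest_version": 3, "name": "Example Color Picker", "version": "1.0",
    "permissions": ["storage", "activeTab"],
    "update_url": "https://clients2.google.com/service/update2/crx",
}
SAMPLE_UPDATED = {
    "manifest_version": 3, "name": "Example Color Picker", "version": "1.1",
    "permissions": ["storage", "activeTab", "tabs", "webNavigation"],
    "host_permissions": ["<all_urls>"],
    "update_url": "https://clients2.google.com/service/update2/crx",
}


if __name__ == "__main__":
    old, new = audit_manifest(SAMPLE_CLEAN), audit_manifest(SAMPLE_UPDATED)
    print("sample update:", json.dumps(diff_versions(old, new)))
    for browser, root in PROFILE_ROOTS.items():
        for ext_id, audit in walk_profile(root):
            if audit["flags"]:
                print(browser, ext_id, audit["version"], audit["flags"])
```

In practice you would store the output of `walk_profile` as a baseline after a clean install and re-run `diff_versions` against it on a schedule, so that a store-delivered update which grows an extension's reach is caught even though the extension ID, name and store listing never changed.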

External references