
Data-stealing Chrome extensions impersonate Fortinet, YouTube, VPNs

Published 22/05/2025 11:17 · Modified 22/05/2025 11:30


Essential information

Tags
2025-05-22, browser security, chrome extensions, cookie stealing, data theft, google web store, malicious domains, remote script execution, vpn impersonation
Related entities
25 observables, 8 techniques (mitre)

Description

A campaign targeting the Google Chrome Web Store has deployed over 100 malicious browser extensions masquerading as legitimate tools such as VPNs, AI assistants, and crypto utilities. While the extensions deliver some of the promised functionality, they secretly connect to threat actor infrastructure to steal user information and execute remotely supplied scripts. They can modify network traffic, deliver ads, perform redirections, and act as proxies. The campaign, discovered by DomainTools researchers, relies on numerous fake domains that promote these tools. The extensions request permissions that enable cookie theft, DOM-based phishing, and dynamic script injection. Resulting risks include account hijacking and browsing activity monitoring. Some extensions remain on the Chrome Web Store despite Google's removal efforts.

External references