
Two Google Chrome extensions have become malicious after an apparent ownership transfer incident, providing attackers with the means to push malware downstream to customers, inject arbitrary code, and collect sensitive data.
The extensions in question were both originally associated with the developer account “akshayanuonline@gmail.com” (BuildMelon) and are listed below.
QuickLens – Google Lens search screen (ID: kdenlnncndfnkognokgfpabgkgehodd) – 7,000 users
ShotBird – Screenshot scrolling, tweet image and editor (ID: gengfhhkjekmlejbhmmopegofnoifnjp) – 800 users
QuickLens is no longer available for download from the Chrome Web Store, but ShotBird is still accessible as of this writing. ShotBird was originally launched in November 2024 by developer Akshay Anu S (@AkshayAnuOnline), who claimed on X that the extension was suitable for “creating professional, studio-like visuals” and that all processing was done locally.
According to research published by monxresearch-sec, the browser add-on received the “Featured” badge in January 2025 and was then passed on to another developer (“loraprice198865@gmail.com”) sometime last month.
Similarly, QuickLens was put up for sale on ExtensionHub by “akshayanuonline@gmail.com” on October 11, 2025, just two days after it was published, said John Tuckner of Annex Security. On February 1, 2026, the owner shown on the extension's Chrome Web Store listing changed to “support@doodlebuggle.top”.
A malicious update pushed to QuickLens on February 17, 2026 retained the original functionality but added the ability to strip security headers (such as X-Frame-Options) from all HTTP responses, allowing scripts injected into web pages to bypass Content Security Policy (CSP) protections and make arbitrary requests to other domains.
In addition, the extension contained code that fingerprinted the user's country, detected the browser and operating system, and polled an external server every five minutes for JavaScript. The returned JavaScript is cached in the browser's local storage and executed on every page load: the extension inserts a hidden 1×1 GIF into the page and sets the JavaScript string as the image's “onload” attribute, so the code runs as soon as the image loads.

“The actual malicious code never appears in the extension’s source files,” Tuckner explained. “Static analysis showed us the function that creates the image element, and that’s it. The payload is delivered from the C2 and stored in local storage. The payload exists only at runtime.”
A similar analysis of the ShotBird extension by monxresearch-sec found that callbacks were used to deliver JavaScript code directly, rather than creating a 1×1 pixel image to trigger execution. This JavaScript displays a fake Google Chrome browser update prompt that, when clicked, shows a ClickFix-style page instructing the user to open the Windows Run dialog, launch “cmd.exe”, and paste a PowerShell command. As a result, an executable named “googleupdate.exe” is downloaded to the Windows host.

The malware then hooks input, textarea and select HTML elements and captures the data the victim enters. This may include credentials, PINs, card details, tokens, and government identifiers. It is also able to extract data stored in the Chrome web browser, including passwords, browsing history, and extension-related information.
“This is a two-step exploitation chain: remote browser control on the extension side and host-level execution pivot with fake updates,” the researchers said. “As a result, we observed high-risk data disclosure within the browser and host-side script execution on at least one affected system. In practical terms, this increases the impact of browser-only exploitation to the potential for credential theft and broader endpoint compromise.”
Given the use of the same command-and-control (C2) architecture pattern, the ClickFix decoy injected into the browsing context, and ownership transfer as the infection vector, the same actor is assessed to be behind the compromise of both extensions, operating the add-ons in parallel.

Interestingly, the original developer has published several other extensions under his name on the Chrome Web Store, all of which have earned Featured badges. The developer also has an account on ExtensionHub, but currently has no extensions for sale. Additionally, this individual has attempted to sell domains such as “AIInfraStack[.]com” for $2,500, describing it as a “strong keyword domain” that is “related to [sic] a rapidly growing AI ecosystem.”
“This is an extended supply chain issue in a nutshell,” Annex Security said. “A ‘Featured’ reviewed extension changes hands and the new owner pushes the weaponized update to all existing users.”
This disclosure comes after Microsoft warned about a malicious Chromium-based browser extension that collects LLM chat history and browsing data under the guise of a legitimate AI assistant tool.
“At scale, this activity turns a seemingly trusted productivity extension into a persistent data collection mechanism built into the everyday use of enterprise browsers, highlighting the growing risk that browser extensions pose to enterprise environments,” the Microsoft Defender security research team said.
In recent weeks, threat hunters have also flagged a malicious Chrome extension named lmΤoken Chromophore (ID: bbhaganppipihlhjgaaeeeefbaoihcgi). The extension impersonates imToken, advertises itself as a hex color visualizer on the Chrome Web Store, and uses a phishing redirect to steal cryptocurrency seed phrases.
“Instead of providing the promised harmless tool, this extension automatically opens a phishing site controlled by threat actors as soon as it is installed and every time the user clicks on it,” said Socket researcher Kirill Boychenko.
“During installation, the extension obtains the destination URL from a hard-coded JSONKeeper endpoint (jsonkeeper[.]com/b/KUWNE) and opens a tab pointing to the Chrome Web Store look-alike domain chroomewedbstorre-detail-extension[.]com. The landing page impersonates imToken using mixed-script homoglyphs and directs victims to a credential retrieval flow that requests a 12- or 24-word seed phrase or private key.”
Other malicious extensions flagged by Palo Alto Networks Unit 42 have been found to engage in affiliate hijacking and data exfiltration. One of them, Chrome MCP Server – AI Browser Control (ID: fpeabamapgecnidibdmjoepaiehokgda), poses as an AI automation tool built on the Model Context Protocol (MCP) while acting as a full-fledged remote access Trojan.
Unit 42 researchers also found that three popular Chrome extensions, Urban VPN Proxy, Urban Browser Guard, and Urban Ad Blocker, previously identified by Koi as scraping AI conversations from a range of chatbots, including OpenAI ChatGPT, Anthropic Claude, Microsoft Copilot, DeepSeek, Google Gemini, xAI Grok, Meta AI, and Perplexity, are back on the Chrome Web Store.
Researchers Qinge Xie, Nabeel Mohamed, Shresta Bellary Seetharam, Fang Liu, Billy Melicher, and Alex Starov said, “After the campaign was publicly disclosed on December 15, 2025, the developers published a benign version in January 2026, likely in response to the report.”
Additionally, the cybersecurity company identified an extension called Palette Creator (ID: iofmialeiddolmdlkbheakaefefkjokp). The extension has over 100,000 users and its previous version communicated with known network indicators associated with a campaign called RedDirection that performed browser hijacking.
That’s not all. A new campaign consisting of over 30,000 domains was found to start a redirect chain that routes traffic to a landing page (ansiblealgorithm[.]com) used to distribute the Chrome extension OmniBar AI Chat and Search (ID: ajfanjhcdgaohcbphpaceglgpgaaohod).
This extension uses the chrome_settings_overrides manifest key to change Chrome settings: it sets the browser’s home page to omnibar[.]ai and makes the default search provider a custom URL, “go.omnibar[.]ai/?api=omni&sub1=omnibar.ai&q={searchTerms}”, so that every query is tracked through the URL's API parameters.
The end goal is believed to be to perform browser hijacking as part of what appears to be a larger affiliate marketing scheme, Unit 42 said, adding that it has identified two other extensions that exhibit the same browser hijacking behavior consistent with OmniBar via homepage override and search interception.
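Search and homepage hijacking of this kind is declared in the manifest, so it can be checked before installation. The following added example, written for this page rather than taken from Unit 42 or from any of the extensions named, audits a manifest's chrome_settings_overrides block: it records which hosts the homepage, startup pages and default search provider point to, compares them with the extension's declared homepage_url, and pulls the affiliate-style parameters out of the search URL while locating the {searchTerms} placeholder. The manifest and its domains are constructed for the example.

```javascript
// Added example (not any extension's own manifest): audit chrome_settings_overrides
// for homepage/search hijacking and affiliate tracking parameters.

// Constructed manifest with hypothetical domains; mirrors the override shape
// described in the article (homepage override plus a default search_provider
// whose search_url carries tracking parameters alongside {searchTerms}).
const SAMPLE_MANIFEST = {
  manifest_version: 3,
  name: "Example Search Helper",
  homepage_url: "https://helper.example.org",
  chrome_settings_overrides: {
    homepage: "https://portal.example.net/",
    startup_pages: ["https://portal.example.net/start"],
    search_provider: {
      name: "Example Search",
      keyword: "ex",
      search_url: "https://go.portal.example.net/?api=omni&sub1=portal.example.net&q={searchTerms}",
      favicon_url: "https://portal.example.net/favicon.ico",
      encoding: "UTF-8",
      is_default: true,
    },
  },
};

// Query parameters commonly used to attribute traffic in affiliate schemes.
const TRACKING_PARAMS = new Set([
  "api", "sub1", "sub2", "subid", "aff", "affid", "ref", "pid", "cid",
  "utm_source", "utm_medium", "utm_campaign",
]);

function hostOf(url) {
  return new URL(url).hostname;
}

function auditSettingsOverrides(manifest) {
  const o = manifest.chrome_settings_overrides;
  if (!o) return { hijack: false, findings: [], offHomepage: [] };
  const findings = [];
  const homeHost = manifest.homepage_url ? hostOf(manifest.homepage_url) : null;

  if (o.homepage) findings.push({ kind: "homepage", host: hostOf(o.homepage) });
  for (const p of o.startup_pages || []) findings.push({ kind: "startup_page", host: hostOf(p) });

  const sp = o.search_provider;
  if (sp && sp.search_url) {
    // Substitute the placeholder so the URL parser sees a plain value, then
    // find which parameter it landed in (that is the real query parameter).
    const u = new URL(sp.search_url.replace("{searchTerms}", "__TERMS__"));
    const params = [...u.searchParams.entries()];
    const termParam = params.find(([, v]) => v === "__TERMS__");
    const tracking = params
      .filter(([k]) => TRACKING_PARAMS.has(k.toLowerCase()))
      .map(([k, v]) => `${k}=${v}`);
    findings.push({
      kind: "search_provider",
      host: u.hostname,
      isDefault: Boolean(sp.is_default),
      queryParam: termParam ? termParam[0] : null,
      tracking,
    });
  }

  // Overrides pointing somewhere other than the extension's own homepage domain.
  const offHomepage = findings
    .filter((f) => homeHost && f.host !== homeHost && !f.host.endsWith("." + homeHost))
    .map((f) => f.kind);

  const search = findings.find((f) => f.kind === "search_provider");
  const hijack = Boolean(search && search.isDefault &&
    (search.tracking.length > 0 || offHomepage.includes("search_provider")));
  return { hijack, findings, offHomepage };
}

console.log(JSON.stringify(auditSettingsOverrides(SAMPLE_MANIFEST), null, 2));
```

A legitimate search extension normally points every override at its own domain and puts only the query into the search URL; a default search provider on a third domain that also carries sub-ID style parameters is the affiliate pattern Unit 42 describes. The same function can be run over every manifest.json in a browser profile's Extensions directory.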
AI output algo tool (ID: eeoonfhmbjlmienmmbgapfloddpmoalh)
Serpey.com official extension (ID: hokdpdlchkgcenfpiibjjfkfmleoknkp)
A closer look at three additional extensions published by the same developer (‘jon@status77.com’ and Status 77) revealed that two of them track users’ browsing activity and insert affiliate markers, and a third extracts users’ Reddit comment threads and sends them to an API endpoint controlled by the developer.
Care.Sale (ID: jaioobipjdejpeckgojiojjahmkiaihp)
Giant Coupons Official Extension (ID: akdajpomgjgldidenledjjiemgkjcchc)
Consensus – Reddit Comment Summary (ID: mkkfklcadlnkhgapjeejemflhamcdjld)
Users who have installed any of the extensions above are advised to remove them from their browsers immediately, to avoid sideloading or installing unverified productivity extensions, and to audit their browsers for unfamiliar extensions and uninstall them.
