Legitimate Chrome extensions are stealing Facebook passwords as part of a sophisticated multi-stage attack. Cybercriminals compromised popular extensions, resulting in trojanized updates that harvested user data and credentials for Meta services, which allowed the attackers to misuse business accounts for ad placements. Phishing attempts disguised as Google alerts tricked developers into authorizing the malicious updates. Users with infected extensions were at risk of losing sensitive information, prompting urgent advice to uninstall compromised updates and reset passwords. The incident highlights the dangers of supply-chain attacks and the need for stronger security measures in extension management.
https://www.kaspersky.com/blog/chrome-extension-malicious-updates-and-mitigations/52871/