A serious cybersecurity concern has emerged for millions of internet users after a trusted browser tool turned into a platform for data theft. A popular Chrome extension, designed for on-screen image searches similar to Google Lens, was reportedly compromised and used to steal cryptocurrency wallet credentials and login details.
The issue came to light when cybersecurity researchers discovered suspicious scripts inside what was earlier considered a safe and legitimate extension. Until mid-February, the tool worked normally. Soon after a change in ownership, a new version was released containing malicious code. After the update, users began seeing fake “Google Update” and “Security Alert” messages asking them to act immediately.
According to a report, the attackers used a method called “ClickFix.” When users clicked the fake alert, hidden code ran in the background. This allowed hackers to access saved browser logins, cryptocurrency wallet addresses, and other sensitive data without users knowing.
Researchers said the update added remote code execution features. The malicious version used an image pixel onload trick, enabling attackers to run commands remotely on affected systems. Such techniques are becoming common in advanced browser-based attacks where victims do not notice any immediate signs.
Security experts called the incident a classic supply chain attack. In these cases, a trusted extension is acquired by a new owner who misuses the existing user base. Since Chrome extensions update automatically, the infected version was silently delivered to all users. Around 7,000 users were actively using the extension at the time of the breach.
After the incident became public, Google removed the extension from the Chrome Web Store and appears to have automatically disabled it in users’ browsers. However, experts warned that users who clicked the fake alerts during the active period may still face data exposure risks.
In an earlier incident, Trust Wallet confirmed that its official Chrome extension had been compromised, leading to digital asset losses. Experts say browser extensions are increasingly targeted for financial crimes.
Security professionals advise users to install only necessary extensions, regularly check permissions, and avoid clicking unexpected pop-ups. Updates should be done only through official web stores or verified websites.
The case highlights how even trusted digital tools can become threats, reinforcing the need for constant online vigilance.
Also read: Viksit Workforce for a Viksit Bharat
Do Follow: The Mainstream LinkedIn | The Mainstream Facebook | The Mainstream Youtube | The Mainstream Twitter
About us:
The Mainstream is a premier platform delivering the latest updates and informed perspectives across the technology business and cyber landscape. Built on research-driven, thought leadership and original intellectual property, The Mainstream also curates summits & conferences that convene decision makers to explore how technology reshapes industries and leadership. With a growing presence in India and globally across the Middle East, Africa, ASEAN, the USA, the UK and Australia, The Mainstream carries a vision to bring the latest happenings and insights to 8.2 billion people and to place technology at the centre of conversation for leaders navigating the future.
