Google Chrome users are facing a serious security threat due to malicious extensions containing spyware. Hackers have been able to plant malware in seemingly harmless Chrome extensions, enabling them to eavesdrop on users’ browsing activities and pilfer sensitive information.

The discovery of these rogue extensions was made by the Koi Security team. Initially appearing clean, these extensions later deploy data-stealing spyware unnoticed. Over 2 million individuals are believed to have been impacted by this issue, with 18 Chrome extensions identified as carriers of the malware, some of which received positive reviews and were available on the official Chrome store.

Among the affected extensions are emoji keyboards, weather services, YouTube add-ons, and more. The list includes extensions for both Chrome and Edge browsers, targeting a wide range of functionalities.

To safeguard against potential threats, users are advised to take immediate action. Security experts recommend clearing browsing data to eliminate any stolen tracking identifiers or session tokens left by the malicious extensions. Additionally, users should monitor their accounts for suspicious activities, enable two-factor authentication, and consider resetting their browser settings to default.

Google has acted promptly to remove the compromised extensions, ensuring new users are not exposed to the malware. This proactive measure aims to mitigate further risks associated with these malicious Chrome extensions.