30+ Hidden Browser Extensions Put 4 Million Users at Risk of Cookie Theft

A large family of related browser extensions, deliberately set as 'unlisted' in the Chrome Web Store, have been discovered containing malicious code. These extensions, while advertising legitimate functions, often lacked the code to perform these advertised functions. Instead, they contained hidden functions designed to steal cookies, inject scripts into web pages, replace search providers, and monitor users' browsing activities, all remotely controllable by external command and control servers.