
152 Chrome Extensions Abused for Ads and Fake Website Visits, Full of Malware

By Assist2go, 3 July 2026

Source: The Hacker News

Warning: Hundreds of Chrome Extensions Secretly Spreading Malware

Be cautious if you have recently installed a nice new wallpaper for your Chrome browser. Cybersecurity researchers have discovered a large network of 152 Google Chrome extensions. These extensions posed as fun live wallpaper applications but actually distributed malware.

They were downloaded by users worldwide with a combined total of 105,000 installations. This is a shocking number and shows how easily cybercriminals can exploit popular functionalities.

The discovered malicious extensions operated through 38 different developer accounts in the Chrome Web Store. Three different brand names were also used as a cover: tabplugins[.]com, yowgames[.]com, and chromewallpaper[.]com. This combination of factors made it almost impossible for users to recognize the true nature of these extensions.

The discoverers of this fraud have shared this news to warn businesses and consumers about this stealthy threat from an unexpected quarter.

How Does This Deceptive Technique Work?

The core of the problem lies in how these extensions operated. Installing such an 'onyx extension,' as they are also called, did more than change the browser's wallpaper: the extension then secretly installed another program on the user's computer.

This additional program, a so-called 'Potentially Unwanted Program' (PUP), was the actual malicious element. These types of programs are often a stepping stone to bigger problems or lead directly to nuisance and financial damage.

These PUPs caused a series of unwanted activities. For example, they could display unsolicited advertisements, even on websites where ads are not normally visible. This can severely hinder the browsing experience and lead to accidentally clicking on harmful links.

Additionally, the extensions were used to send fake visitors to websites. This is also known as 'fake traffic.' This can be done to make websites more attractive to advertisers, or to get malicious websites higher in search results.

Another worrying aspect is that these extensions were often designed to infiltrate deeply into the system. They could potentially download and install other malicious software without the user ever giving permission. This opens the door for phishing attacks, theft of personal data, or the use of the computer as part of a botnet.

The complexity of the operation, with multiple accounts and brands, makes it difficult to detect and remove all malicious extensions simultaneously.

What Does This Mean for Your SMB?

For Small and Medium-sized Businesses (SMBs), these kinds of developments are particularly concerning. Employees often use the same browsers and plugins as home users. If an employee, without malicious intent, installs one of these malicious extensions on their work computer, the consequences for your business can be severe.

This includes the risk of ransomware, leakage of sensitive business data, or disruption of daily operations due to unwanted ads and pop-ups.

The technique used here is clever and deceptive. Companies must be aware of the apparent harmlessness of many browser extensions and apps. These are often downloaded from the official 'stores,' which creates a false sense of security.

It is important to have clear guidelines within your organization for installing software and browser extensions. Employee education is crucial here. They need to know how to recognize potential dangers and what steps to take if there is doubt.
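One way to back such guidelines with an actual inventory, as an added example that is not part of the original article: the script below walks a Chrome profile's `Extensions` directory (`<extension id>/<version>/manifest.json`), lists each extension's name and permissions, and flags manifests that mention one of the three brand domains named above. It assumes a brand-linked extension references its domain somewhere in the manifest, which the article does not state; the extension IDs and names in the sample data are constructed.

```python
import json
import tempfile
from pathlib import Path

# Brand domains named in the article (defanged there, written plainly here for matching).
BRAND_DOMAINS = ("tabplugins.com", "yowgames.com", "chromewallpaper.com")


def audit_extensions(extensions_dir):
    """Audit <extensions_dir>/<extension id>/<version>/manifest.json files."""
    findings = []
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        finding = {"id": path.parts[-3], "name": None, "permissions": [],
                   "brand_hits": [], "error": None}
        try:
            raw = path.read_text(encoding="utf-8-sig")
            manifest = json.loads(raw)
            if not isinstance(manifest, dict):
                raise ValueError("manifest is not a JSON object")
        except (OSError, ValueError) as exc:
            # Report unreadable manifests instead of skipping them silently.
            finding["error"] = str(exc)
            findings.append(finding)
            continue
        finding["name"] = manifest.get("name")
        finding["permissions"] = manifest.get("permissions", [])
        # Assumption: a brand-linked extension mentions the domain in its manifest.
        finding["brand_hits"] = [d for d in BRAND_DOMAINS if d in raw.lower()]
        findings.append(finding)
    return findings


def build_sample_profile(root):
    """Write two constructed manifests (made-up IDs and names) for the demo."""
    samples = {
        "a" * 32: {"name": "Constructed Live Wallpaper", "version": "1.0",
                   "permissions": ["tabs"],
                   "homepage_url": "https://chromewallpaper.com/"},
        "b" * 32: {"name": "Constructed Notes", "version": "2.1",
                   "permissions": ["storage"]},
    }
    for ext_id, manifest in samples.items():
        version_dir = Path(root) / ext_id / manifest["version"]
        version_dir.mkdir(parents=True)
        (version_dir / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for f in audit_extensions(build_sample_profile(tmp)):
            status = "REVIEW" if f["brand_hits"] or f["error"] else "ok"
            print(status, f["id"], f["name"], f["brand_hits"], f["error"])
```

Point `audit_extensions` at the `Extensions` folder inside a Chrome profile directory on the machine being checked. An empty `brand_hits` list does not clear an extension, so the name and permission columns still deserve a manual look.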

The impact can go beyond just technical problems. If sensitive business data is stolen or if your systems are down for an extended period due to a cyberattack, this can lead to significant financial damage and reputational loss. Customers lose trust if it becomes known that your data is not secure.

Regular software updates and secure operating systems are therefore not a luxury but a necessary investment in the continuity of your business. The use of reliable security software, such as antivirus programs and firewalls, is also essential.

Also consider how you handle the use of external devices or networks. An employee working via an unsecured Wi-Fi network or using an infected USB stick can unknowingly expose the company network to dangers. It is therefore wise to have a clear IT policy that minimizes these risks.

Consider using VPNs for external access and scanning all external media for viruses. These measures may seem complex, but they are essential to cope with the increasingly advanced methods of cybercriminals.

Conclusion

Hundreds of thousands of users, likely including employees of SMBs, may have fallen victim to these deceptive Chrome extensions. By posing as useful tools, they were misused to spread malware, display ads, and generate fake traffic. As an SMB, it is crucial to be alert to these types of threats.

Invest in employee awareness and training, establish clear guidelines for software installations, and ensure adequate security measures. Only by acting proactively can you protect your business from the ever-growing and increasingly sophisticated cyber threats of today.
