top of page
ALL POSTS
82 Chrome Extensions Caught Selling User Data to Third Parties, Affecting Millions
Key Findings LayerX Security identified 82 Chrome extensions explicitly reserving the right to sell user data to third parties At least 6.5 million users are affected across confirmed cases 75 of the 82 extensions remain active on the Chrome Web Store with only 7 removed Data collection practices are disclosed in privacy policies but largely unnoticed by users 29 extensions operate as sales intelligence tools capturing internal corporate browsing activity Background Most peop
Apr 282 min read
Windsurf IDE Extension Exploits Solana Blockchain for Developer Data Theft
Here's the article in the requested format: Key Findings * Malicious Windsurf IDE extension targeting software developers * Uses Solana blockchain to retrieve encrypted malware instructions * Selectively avoids targeting systems with Russian connections * Steals passwords and browser session cookies * Creates persistent hidden task for continued system access Background A new cybersecurity threat has emerged targeting software developers through a sophisticated malware campai
Mar 192 min read
Malicious VS Code AI Extensions Threaten Developer Security
Key Findings Two malicious Microsoft Visual Studio Code (VS Code) extensions, disguised as AI-powered coding assistants, have over 1.5 million combined installs and are stealing developer source code. The extensions, "ChatGPT - 中文版" and "ChatGPT - ChatMoss(CodeMoss)", capture every file being opened and every source code modification, and send the data to servers located in China without user knowledge or consent. The extensions also incorporate real-time monitoring and devic
Jan 262 min read
bottom of page
