Date: 30 January 2026.
The Hacker News report that "researchers have discovered malicious Google Chrome extensions that come with capabilities to hijack affiliate links, steal data, and collect OpenAI ChatGPT authentication tokens."
One such extension, Amazon Ads Blocker, "is part of a larger cluster of 29 browser add-ons".
The add-ons "target several e-commerce platforms like AliExpress, Amazon, Best Buy, Shein, Shopify, and Walmart."
Use the link below to view the complete list published by The Hacker News.
Read more: Malware found in more Google Chrome extensions
Related News
Earlier this month (January 2026) The Hacker News reported "researchers have discovered five new malicious Google Chrome web browser extensions" masquerading "as human resources (HR) and enterprise resource planning (ERP) platforms like Workday, NetSuite, and SuccessFactors to take control of victim accounts."
Read more: Malware found in 5 more Google Chrome extensions
In December 2025 The Hacker News reported that malware had also been found in 17 Firefox browser extensions.
Read more: Malware found in 17 Firefox Add-ons
And previously that "a popular VPN extension for Google Chrome and Microsoft Edge was caught secretly harvesting AI conversations from ChatGPT, Claude, and Gemini."
Read more: Featured Chrome browser extension caught intercepting millions of users' AI chats
The Hacker News subsequently reported that the developer of Google Chrome extension 'Trust Wallet' was urging users to update it to the latest version following what it described as a "security incident" that led to the loss of approximately $7 million.
Read more: Trust Wallet Chrome extension bug
In August 2025, another Chrome extension was reported to have been observed collecting screenshots, system information, and users' locations.
How should you respond?
Are free VPN extensions too good to be true?
Probably.
In theory any browser extension could be similarly exploited.
So keep your use of browser extensions to the absolute minimum.
And look out for suspicious behaviour in your browser.
If an extension you installed a long time ago suddenly starts to behave differently (example, unexpected pop-ups, performance issues) then consider that it may have received a malicious update.
If you suspect foul play then uninstall the extension.
Better still, uninstall and reinstall the latest release of the browser application.
Finally, don't assume that a "Featured" badge in an online marketplace and millions of existing users means an extension may not at some future date be harmful.
About The Hacker News
"The Hacker News (THN) stands as a top and reliable source for the latest updates in cybersecurity. As an independent outlet, we offer balanced and thorough insights into the cybersecurity sector, trusted by professionals and enthusiasts alike."
Subscribe to The Hacker News newsletter when you visit the following link.
And keep up to speed with the latest security threats affecting your Operating System, Web Browser and Website.
Make Joomla! CMS Security your #1 Priority
We help and support managers responsible for Joomla! CMS websites in UK business and third sector organisations across Cheshire, Greater Manchester, Merseyside and North West England.
Your personal data is nobody's business.