Over 100 Chrome extensions found stealing your personal Google data — how YOU can protect yourself

Some have posed as clients for the popular encrypted chat app Telegram, while others pretend to be slot machine games, and a few claimed to help translate text or boost your YouTube experience. But behind the scenes, every single one was quietly siphoning off your personal information and sending it to hackers.Out of the 108 fraudulent extensions, 54 were designed to pilfer your Google Account details. If you clicked on these extensions to sign-in, these dodgy apps stole your email address, real name, profile picture, and account ID by leveraging a tool called OAuth2 – a system that lets apps access your Google info.The Telegram-targeting ones are particularly sneaky. They extract your login session data every 15 seconds, giving criminals constant access to your private messages and contacts. Another 45 extensions were found to contain hidden backdoors that could open any website the attackers wanted the moment you launched your browser – no clicking required from you.Researchers from Socket managed to trace all 108 extensions back to a single command-and-control server – essentially one central hub controlling the entire operation.The criminals tried to cover their tracks by publishing the extensions under five different fake developer names, including Yana Project, GameGen, SideGames, Rodeo Games, and InterAlt. However, investigators spotted Russian-language comments scattered throughout several of the add-ons. While nobody's confirmed exactly who's behind this, Socket believes the evidence points towards a Russian malware-as-a-service operation.If you've installed any of these extensions, you'll want to act quickly to remove them.VPN service provider ExpressVPN has published steps to have faulty Chrome extensions removed in a blog post. Follow these steps to remove an extension: Open Chrome and click the three-dot menu (top right). Select Extensions > Manage ExtensionsFind the extension you want removed, click Remove, and then confirmYou may want to restart your browser to ensure the extension is fully removed.LATEST DEVELOPMENTSNightmare' Amazon rule change could leave 2 million Kindle e-readers obsoleteBest VPN dealsRoku is treating million to 5 new channels for freeGoogle reveals tough new rules to block dodgy Android appsIf you have a Telegram-related extension, you'll need to open your Telegram mobile app, find the Devices section, and log out of all your web sessions immediately — attackers may already have access to your conversations.And if you signed into Google through any of these dodgy tools, it's best practice to treat your account as potentially compromised. You'll need to add in your Google account settings and revoke access for any third-party apps you don't recognise.Going forward, you can also take preventive measures by installing one of the best VPN deals on your devices. ExpressVPN offers 4 months free to protect your online activityWith its new multi-tier subscription structure, ExpressVPN has never been more affordableIf you want to unlock the ExpressVPN Basic plan, which offers unlimited access to its award-winning reliable and ludicrously speedy VPN servers across the globe, it has cut monthly subscriptions by 80.If you sign up for a 12-month plan, you'll be gifted with a generous 4 months of access to the award-winning VPN service for free. That equates to under 6 pence per day!What is a VPN?VPN stands for Virtual Private Network.It's an application that encrypts and anonymises everything you do online — bolstering your privacy, hiding your location, and stopping advertisers, trackers, and even governments from keeping tabs on you.VPNs are widely used by businesses to keep proprietary data safe from prying eyes. Whistle-blowers and journalists also rely on these apps to shield sensitive information. And now, VPNs are fast becoming an essential tool for everyone with a smartphone, laptop, desktop PC, streaming set-top box, or tablet.Why should you install a VPN extension like ExpressVPN?Most VPN extensions only encrypt your browser traffic, while a full VPN app encrypts all traffic from your device. However, unlike most Chrome extensions, ExpressVPN’s extension is linked to the full app and protects your entire device, including your browser. While most websites now use HTTPS (HyperText Transfer Protocol Secure), which ensures everything you do on webpages is confidential, some websites can occasionally omit this vital protection.But using a VPN app will ensure that every bit of information and data is protected at all times, even if a website isn’t completely safe. Our Standards: The GB News Editorial Charter