Malicious Chrome Extensions Caught Stealing Business Data, Emails, and Browsing History
https://thehackernews.com/2026/02/malicious-chrome-extensions-caught.html
Publish Date: 2026-02-13 06:25:00
Source Domain: thehackernews.com
Cybersecurity researchers have discovered a malicious Google Chrome extension that’s designed to steal data associated with Meta Business Suite and Facebook Business Manager.
The extension, named CL Suite by @CLMasters (ID: jkphinfhmfkckkcnifhjiplhfoiefffl), is marketed as a way to scrape Meta Business Suite data, remove verification pop-ups, and generate two-factor authentication (2FA) codes. The extension has 33 users as of writing. It was first uploaded to the Chrome Web Store on March 1, 2025.
However, the browser add-on also exfiltrates TOTP codes for Facebook and Meta Business accounts, Business Manager contact lists, and analytics data to infrastructure controlled by the threat actor, Socket said.
“The extension requests broad access to meta.com and facebook.com and claims in its privacy policy that 2FA secrets and Business Manager data remain local,” security researcher Kirill Boychenko said.
“In practice, the code transmits TOTP seeds and current one-time security codes, Meta Business ‘People’ CSV exports, and Business Manager analytics data to a backend at getauth[.]pro, with an option to forward the same payloads to a Telegram channel controlled by the threat actor.”
By targeting users of Meta Business Suite and Facebook Business Manager, the threat actor behind the operation has leveraged the extension to conduct data collection and exfiltration without users’ knowledge or consent.
While the extension does not have capabilities to steal password-related information, the attacker could obtain such information beforehand from other sources, such as infostealer logs or credential dumps, and then use the stolen codes to gain unauthorized access to victims’ accounts.
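A defender can check a workstation for this extension, and for anything else with the same reach, by reading the manifests in a Chrome profile. The following is an added example, not code from Socket or from the article: it flags the reported extension ID and any extension whose host patterns cover meta.com or facebook.com. The function names, the sample manifests, and the `<profile>/Extensions/<id>/<version>/` layout it walks are assumptions of the example.

```python
import json
import tempfile
from pathlib import Path

KNOWN_BAD_IDS = {"jkphinfhmfkckkcnifhjiplhfoiefffl"}  # ID reported in the article
WATCHED = ("meta.com", "facebook.com")  # domains the extension requests access to

def covers_watched(pattern):
    """True if a match pattern grants access to a watched domain or to every site."""
    if "://" not in pattern:  # "<all_urls>" or an API permission such as "storage"
        return pattern == "<all_urls>"
    host = pattern.split("://", 1)[1].split("/", 1)[0].lower()
    host = host[2:] if host.startswith("*.") else host
    return host == "*" or any(host == d or host.endswith("." + d) for d in WATCHED)

def host_patterns(manifest):
    """Collect host patterns from MV2/MV3 permission keys and content scripts."""
    keys = ("permissions", "optional_permissions", "host_permissions")
    pats = [p for k in keys for p in manifest.get(k, []) if isinstance(p, str)]
    for script in manifest.get("content_scripts", []):
        pats += script.get("matches", [])
    return pats

def audit_extensions(extensions_dir):
    """Scan <profile>/Extensions/<id>/<version>/manifest.json and return findings."""
    findings = []
    for mf in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        ext_id = mf.parent.parent.name
        try:
            manifest = json.loads(mf.read_text(encoding="utf-8-sig"))
            hits = sorted({p for p in host_patterns(manifest) if covers_watched(p)})
        except (OSError, ValueError, AttributeError, TypeError):
            hits = []  # unreadable or malformed manifest: still check the ID below
        if ext_id in KNOWN_BAD_IDS or hits:
            findings.append({"id": ext_id, "known_bad": ext_id in KNOWN_BAD_IDS, "patterns": hits})
    return findings

def build_sample(root):
    """Write a constructed sample profile (not the real manifests) and return root."""
    hosts = ["https://*.meta.com/*", "https://*.facebook.com/*"]
    samples = {"jkphinfhmfkckkcnifhjiplhfoiefffl": {"host_permissions": hosts},
               "a" * 32: {"permissions": ["storage"]}}
    for ext_id, manifest in samples.items():
        path = Path(root, ext_id, "1.0_0", "manifest.json")
        path.parent.mkdir(parents=True)
        path.write_text(json.dumps(manifest))
    return root

if __name__ == "__main__":
    print(*audit_extensions(build_sample(tempfile.mkdtemp())), sep="\n")
```

To audit a real machine, call `audit_extensions()` on each Chrome profile's `Extensions` directory. A pattern hit alone is a prompt for review, since legitimate extensions also request these hosts.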
The full scope of the malicious add-on’s capabilities is listed below:
- Steal TOTP seed (a unique, alphanumeric code that’s used to generate time-based one-time passwords) and 2FA code
- Target Business Manager “People” view by navigating to facebook[.]com and meta[.]com and build a CSV…