The known malicious extensions include “Color Picker, Eyedropper — Geco colorpick,” “VPN Proxy to Unblock Discord Anywhere,” “Emoji keyboard online — copy&paste your emoji,” “Free Weather Forecast,” “Unlock Discord,” “Dark Theme — Dark Reader for Chrome,” “Volume Max — Ultimate Sound Booster,” “Unblock TikTok — Seamless Access with One-Click Proxy,” “Unlock YouTube VPN,” “Unlock TikTok,” and “Weather.”
Marketplace gaps and long-term risks
The incident underscores systemic weaknesses in browser extension governance. Google’s and Microsoft’s verification processes failed to detect the malware, even as some of the extensions received promotional placement and trust badges.
“Attackers have successfully exploited every trust signal users rely on — verification badges, install counts, featured placement, years of legitimate operation, and positive reviews,” said Dardikman. “These credibility mechanisms were turned against the users.”