Researchers have identified a concerning campaign involving 108 malicious Google Chrome extensions that connect to a unified command-and-control infrastructure. This network of extensions is designed to exfiltrate user data and exploit browser functionality by inserting ads and arbitrary JavaScript into every webpage visited. The security firm Socket revealed that these extensions are published under five distinct identities—Yana Project, GameGen, SideGames, Rodeo Games, and InterAlt—and have been installed approximately 20,000 times from the Chrome Web Store. Security researcher Kush Pandya noted that all extensions route stolen credentials, user identities, and browsing data to servers controlled by a single operator. Among these, 54 extensions specifically target Google account identities via OAuth2, 45 contain a backdoor that opens random URLs when the browser starts, and the remaining engage in various other malicious activities. To appear legitimate, the extensions present themselves as tools like Telegram sidebar clients, online games, social media enhancers, and translation utilities. However, they covertly execute malicious code to capture session data and manipulate browsing activity. Some extensions use Chrome's declarativeNetRequest API to strip security headers from sites before they load. Notably, all 108 extensions are linked to the same backend hosted at a specific IP address, though the responsible party remains unidentified. Analysis of the source code has revealed Russian language comments, suggesting a possible origin. Users are strongly advised to uninstall any of these extensions immediately and to secure their accounts by logging out of all Telegram Web sessions via the mobile app.