Somebody brought to my attention that the Hide YouTube Shorts extension for Chrome changed hands and turned malicious. I looked into it and could confirm that it contained two undisclosed components: one performing affiliate fraud and the other sending users’ every move to some Amazon cloud server. But that wasn’t all of it: I discovered eleven more extensions written by the same people. Some contained only the affiliate fraud component, some only the user tracking, some both. A few don’t appear to be malicious yet.

Affected extensions:

  • Visual Effects for Google Meet.
  • Karma | Online shopping, but better.
  • Hide YouTube Shorts.
  • M3U8 Downloader.
  • DarkPDF.
  • Sudoku On The Rocks.
  • Dynamics 365 Power Pane.
  • Israel everywhere.
  • Where is Cookie?
  • Quick Stickies.
  • Nucleus: A Pomodoro Timer and Website Blocker.
  • Hidden Airline Baggage Fees.
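
A way to check a Chrome profile against the list above, as an added example that is not from the original post: it walks a profile's `Extensions` directory (layout `<id>/<version>/manifest.json`), resolves localized `__MSG_...__` names, and reports extensions whose name matches a listed one. The post gives names only, no extension IDs, so matching on the manifest name is an assumption, and a hit is a prompt to review the extension rather than proof that the installed version is malicious. The function names and the `extensions_root` parameter are this example's own.

```python
import json
from pathlib import Path

# Names as listed on this page (the page gives no extension IDs).
AFFECTED = [
    "Visual Effects for Google Meet", "Karma | Online shopping, but better",
    "Hide YouTube Shorts", "M3U8 Downloader", "DarkPDF", "Sudoku On The Rocks",
    "Dynamics 365 Power Pane", "Israel everywhere", "Where is Cookie?",
    "Quick Stickies", "Nucleus: A Pomodoro Timer and Website Blocker",
    "Hidden Airline Baggage Fees",
]

def _norm(s):
    # Case-insensitive, whitespace-collapsed comparison; ignore a trailing period.
    return " ".join(s.lower().split()).rstrip(".")

def display_name(version_dir):
    """Return the extension name, resolving a __MSG_key__ placeholder via _locales."""
    manifest = json.loads((version_dir / "manifest.json").read_text(encoding="utf-8-sig"))
    name = manifest.get("name", "")
    if name.startswith("__MSG_") and name.endswith("__"):
        key = name[6:-2].lower()  # message keys are matched case-insensitively
        locale = manifest.get("default_locale", "en")
        path = version_dir / "_locales" / locale / "messages.json"
        messages = json.loads(path.read_text(encoding="utf-8-sig"))
        for k, v in messages.items():
            if k.lower() == key:
                return v.get("message", name)
    return name

def find_listed_extensions(extensions_root):
    """Return (extension_id, version_dir, name) for installed extensions on the list."""
    wanted = {_norm(n) for n in AFFECTED}
    hits = []
    for manifest in sorted(Path(extensions_root).glob("*/*/manifest.json")):
        version_dir = manifest.parent
        try:
            name = display_name(version_dir)
        except (OSError, ValueError, AttributeError):
            continue  # unreadable or malformed manifest/locale file: skip it
        if _norm(name) in wanted:
            hits.append((version_dir.parent.name, version_dir.name, name))
    return hits
```

Call `find_listed_extensions()` with the path of the `Extensions` folder inside each browser profile you want to audit.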