From Millions of people spied on by malicious browser extensions in Chrome and Edge (https://www.malwarebytes.com/blog/news/2025/07/millions-of-people-spied-on-by-malicious-browser-extensions-in-chrome-and-edge?utm_campaign=brandsocial&utm_medium=social&utm_source=facebook&fbclid=IwY2xjawLbrBhleHRuA2FlbQIxMQBicmlkETFIMm53V3VpMnVTMDBUdjZXAR6Nw1AwUzpkJywCqcR-HrPU8Dx9J8QLyGsyBg7lks_LPIjqr5DLRmUCMiB6bA_aem_DxlHr9V2sPWYBGhFYUgx0Q) by Pieter Arntz:
QuoteResearchers (https://blog.koi.security/google-and-microsoft-trusted-them-2-3-million-users-installed-them-they-were-malware-fb4ed4f40ff5) have discovered a campaign that tracked users' online behavior using 18 browser extensions (https://www.malwarebytes.com/blog/threats/browser-extensions) available in the official Chrome and Edge webstores. The total number of installs is estimated to be over two million.
These extensions offered functionality, received good reviews, touted verification badges, and some even enjoyed featured placement.
But when an extension has been available in the web store for a while, cybercriminals can insert malicious code through updates to the extension. Some researchers refer to the clean extensions as "sleeper agents (https://layerxsecurity.com/blog/sleeper-sound-layerx-uncovers-malicious-sleeper-sound-management-extensions-with-nearly-1-5-million-users-worldwide/)." These sleeper agents are the bases for future malicious activity.
See the referenced article for additional information, including the list of extensions and what to do.
Volume Max/Volume Booster are used in schools...
Good stuff by Metallica, as usual
This is reassuring:
QuoteRun a full system Malwarebytes scan to check for additional infections. This will also allow you to remove all affected extensions from Chrome and Edge. Malwarebytes blocks these domains so our users are safe.