Socket Security has discovered a cluster of 108 malicious Chrome extensions that steal and send user credentials to the same command-and-control server.

The extensions were published through five developer accounts and are still live on the official Chrome Web Store.

https://socket.dev/blog/108-chrome-ext-linked-to-data-exfil-session-theft-shared-c2