Users of Google Chrome are advised to remove 16 browser extensions deemed “malicious,” which pose a security risk and could be used for “fraudulent” activities by a well-known “threat actor.”
The extensions offer features such as screen capture, ad blocking and emoji keyboards, among others, and could affect more than 3.2 million users, according to GitLab Threat Intelligence, which was the first to raise awareness of the issue.
The extensions inject code and damaging scripts into the browser, enabling cybercriminals to steal user information and commit fraud related to advertising revenue, according to Tom’s Guide.

The extensions were legitimate when users installed them and granted them permissions; they were later corrupted by malicious updates.
According to tech site Notebook Check, the attack was traced to developer accounts whose owners unknowingly transferred control of the extensions to the attackers, whose dangerous updates were then available through official browser extension stores.
The dangerous extensions include:
- Blipshot
- Emojis (Emoji Keyboard)
- Color Changer for YouTube
- Video Effects for YouTube and Audio Enhancer
- Themes for Chrome and YouTube Picture in Picture
- Mike Adblock für Chrome
- Super Dark Mode
- Emoji Keyboard Emojis for Chrome
- Adblocker for Chrome (NoAds)
- Adblock for You
- Adblock for Chrome
- Nimble Capture
- KProxy
- Page Refresh
- Wistia Video Downloader
- WAToolkit

The targeted extensions have already been removed from the Chrome Web Store, but users should manually delete them if they are still installed in their browsers.
Tom’s Guide then advises using antivirus software to scan for malware or other viruses.
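
To check whether any of the listed extensions are still installed, a script can read each extension's manifest in a Chrome profile and compare its name with the list above. This is an added example, not code from GitLab, Tom's Guide or Notebook Check; the function names are hypothetical, the sample profile and its extension IDs are constructed, and it assumes Chrome's usual on-disk layout of `Extensions/<id>/<version>/manifest.json`.

```python
import json
from pathlib import Path

# Names as listed in the article, which gives no extension IDs: a name match
# is a lead to review, not proof (an unrelated extension can share a name).
FLAGGED = ["Blipshot", "Emojis (Emoji Keyboard)", "Color Changer for YouTube",
           "Video Effects for YouTube and Audio Enhancer", "Super Dark Mode",
           "Themes for Chrome and YouTube Picture in Picture", "KProxy",
           "Mike Adblock für Chrome", "Emoji Keyboard Emojis for Chrome",
           "Adblocker for Chrome (NoAds)", "Adblock for You", "Page Refresh",
           "Adblock for Chrome", "Nimble Capture", "Wistia Video Downloader",
           "WAToolkit"]
WANTED = {n.casefold() for n in FLAGGED}

def display_name(vdir):
    """Name from manifest.json, resolving a localized __MSG_key__ placeholder."""
    manifest = json.loads((vdir / "manifest.json").read_text("utf-8-sig"))
    name = manifest.get("name", "")
    if name.startswith("__MSG_") and name.endswith("__"):
        loc = vdir / "_locales" / manifest.get("default_locale", "en")
        raw = json.loads((loc / "messages.json").read_text("utf-8-sig"))
        msgs = {k.lower(): v for k, v in raw.items()}  # keys: case-insensitive
        name = msgs.get(name[6:-2].lower(), {}).get("message", name)
    return name.strip()

def find_flagged(profile_dir):
    """Sorted (extension_id, name) pairs for installed names on the list."""
    hits = set()
    for mf in Path(profile_dir).glob("Extensions/*/*/manifest.json"):
        try:
            name = display_name(mf.parent)
        except (OSError, ValueError, AttributeError):
            continue  # unreadable or malformed manifest or messages file
        if name.casefold() in WANTED:
            hits.add((mf.parent.parent.name, name))
    return sorted(hits)

def build_sample(root):
    """Constructed sample profile: three fake extensions with made-up IDs."""
    for ext_id, name, msg in [("a" * 32, "Nimble Capture", ""),
                              ("b" * 32, "__MSG_appName__", "Super Dark Mode"),
                              ("c" * 32, "Example Notes", "")]:
        loc = Path(root, "Extensions", ext_id, "1.0_0", "_locales", "en")
        loc.mkdir(parents=True)
        manifest = {"name": name, "default_locale": "en"}
        (loc.parents[1] / "manifest.json").write_text(json.dumps(manifest))
        messages = {"appname": {"message": msg}}  # key case differs on purpose
        (loc / "messages.json").write_text(json.dumps(messages))
    return root
```

Call `find_flagged()` on a profile directory, for example `~/.config/google-chrome/Default` on Linux or `%LOCALAPPDATA%\Google\Chrome\User Data\Default` on Windows, then review each hit on the `chrome://extensions` page before removing it.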