According to ICEBRG, they found malicious behavior from the four following extensions:
- Change HTTP Request Header (ppmibgfeefcglejjlpeihfdimbkfbbnm)
- Nyoogle – Custom Logo for Google (ginfoagmgomhccdaclfbbbhfjgmphkph)
- Lite Bookmarks (mpneoicaochhlckfkackiigepakdgapj)
- Stickies – Chrome’s Post-it Notes (djffibmpaakodnbmcdemmmjmeolcmbae)
The extensions had already been taken down after ICEBRG notified the National Cyber Security Centre of The Netherlands (NCSC-NL), the United States Computer Emergency Readiness Team (US-CERT), and the Google Safe Browsing Operations team. However, a number of users may still be using the said infected extensions.
Source: Bleeping Computer