Researcher found A Malicious Chrome sync extension can help hackers to steal your data

A Croatian security researcher Bojan Zdrnja has found out a malicious Chrome extensions that can communicate with a remote access and control C&C server can help hackers to steal your personal data.

According to reports ZDNet, Hackers can use the Google Chrome sync feature to send commands to infected browsers and steal your data from infected systems, bypassing traditional firewalls and others network defenses.

In Chrome Browser, When user log in Chrome and sync data with a Chrome sync feature that stores copies of a user’s Chrome browser bookmarks, browsing history, passwords and extensions setting on Google’s cloud servers.

The hacker goal was to use malicious extension to “manipulate data in a internal web application that the victim had access to”. Malicious extensions were a lot of in Chrome Web Stores and Google regularly removes dozens of them from Chrome Web Stores in order to download extensions.

Source 1 ,2