Wednesday, May 14, 2025
HomeComputer SecurityBeware !! Chrome Spyware Extensions Stealing Facebook Data, Location and Millions of...

Beware !! Chrome Spyware Extensions Stealing Facebook Data, Location and Millions of Users Browser History

Published on

SIEM as a Service

Follow Us on Google News

Malicious Chrome extensions that contain huge spyware campaign stealing Facebook data, users location and browsing histories of millions of users.

The researcher conducting the deep scan of all publicly available Chrome extensions which revealed a lot of suspicious activities and the malicious requests that is made to various Facebook domains.

These Chrome extensions are downloaded and used by more than 420,000 users. Following extension are discovered as a spyware extension.

- Advertisement - Google News

It’s not limited only by Chrome extensions but the researcher identified a malicious Android app that performs the very similar operation of chrome extensions that installed more than 11,000,000 users according to Google Play and selling the installed users data.

Malicious apps are connecting to the Unimania servers and it was unclear that who is behind the Unimania’s owners or affiliates and profit of the stolen data.

Stealing the data from Browser

Once the malicious extension gets installed, it will collect the victims facebook data whenever users logged into Facebook after start the browser.

Later it parses the victim’s browser history including the sensitive information such as your purchase history and sends it to anum-public-panel-prod.s3.amazonaws.com amazon s3 bucket which rented by the Malware authors.

According to adguard, Users data that being shared including  Facebook “interests” and shockingly they can also see all of the victims Facebook posts, sponsored posts, tweets, the YouTube videos and ads you see or interact with, along with a poorly hashed user ID and totally UN-hashed location data.

Malware authors linked this malicious extentsions privacy policy to the Unimania. Inc, that indicates the Information we collect includes nonpersonally identifiable demographic and psychographic data as well as sponsored campaigns, advertisements or posts that target you directly or that have been shared with you.

This is not malicious activities are not only associated with Chrome extension but one particular app that was connecting to the Unimania servers.

This was an alternative Facebook client called Fast – Social App with a record of more than 10,000,000 installs according to Google Play.

The campaign is run by a supposed Israeli company named “Unimania, Inc.” Unfortunately, I was not able to trace this further back to Unimania’s owners or affiliates and I can’t say who is profiting from the data. adguard Researcher said.

Also Read:

Chrome 67 Released With Fix for 34 Security Issues and Support for Password-Free Logins

PassProtect – Google Chrome Plugin Tell You If your Password has Been Breached

Malicious Chrome and Edge Browser Extension Deliver Powerful Backdoor & RAT to Spy Victims PC

100,000 Users Infected With the Password Stealing Malicious Chrome Extension Distributed Through Facebook

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Microsoft Patch Tuesday May 2025 Released With the Fixes for 72 Flaws With 5 Actively Exploited 0-Day

Microsoft has released its May 2025 Patch Tuesday updates, addressing 72 security vulnerabilities across...

Ivanti Released Security Updates to Fix for the Mutiple RCE Vulnerabilities – Patch Now

Ivanti, a leading enterprise software provider, has released critical security updates addressing vulnerabilities across...

Fortinet FortiVoice Zero-day Vulnerability Actively Exploited in The Wild

A critical stack-based buffer overflow vulnerability (CWE-121) has been discovered in multiple Fortinet products,...

Ransomware Attacks Surge by 123% Amid Evolving Tactics and Strategies

The 2025 Third-Party Breach Report from Black Kite highlights a staggering 123% surge in...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Hackers Weaponize KeePass Password Manager to Spread Malware and Steal Passwords

Threat actors have successfully exploited the widely-used open-source password manager, KeePass, to spread malware...

Researchers Uncover Remote IT Job Fraud Scheme Involving North Korean Nationals

The United States indicted fourteen North Korean nationals for orchestrating a sophisticated scheme to...

Lumma Stealer Upgraded with PowerShell Tools and Advanced Evasion Techniques

Sophos Managed Detection and Response (MDR) in September 2024, the notorious Lumma Stealer malware...