Malicious Zoom Stealer extensions can leak your private meeting details — how to stay safe
18 extensions affect millions of users across Chrome, Edge and Firefox
A new malicious browser extension has been discovered that, along with two others, is designed to steal credentials, take over browsers and more. Discovered by security researchers at Koi Security, all three extensions are believed to have been created by the same threat actor and put millions of Chrome, Edge and Firefox users at risk.
This most recent malware has been dubbed Zoom Stealer, and it uses 18 different extensions to steal online meeting information like URLs, embedded passwords, meeting IDs, schedule times, registration status, topics and descriptions. These extensions affect up to 2.2 million Chrome, Firefox and Edge users and are specifically designed to imitate enterprise-level tools for video conferencing apps like Google Meet and Zoom.
The extensions, which succeed specifically because they perform as advertised and have positive reviews, also silently run surveillance in the background to exfiltrate details of the meeting like links, participant lists and credentials using a WebSocket connection. If a user visits a webinar registration page with one of the malicious extensions installed in their browser, the threat actors can harvest all sorts of data including information about the speakers, the hosts and the session metadata.
The Zoom Stealer campaign is the third rolled out by the threat actor known as DarkSpectre. The first, known as ShadyPanda, was found by the same researchers last month and was used to commit fraud, hijack search queries and carry out data theft from more than five million users. The second campaign, known as GhostPoster, used hidden malicious JavaScript code inside logo files in order to gain full control over a browser.
How to stay safe from malicious browser extensions
As with any other malicious extension, if you've downloaded anything that you suspect isn't entirely legitimate, you should remove it immediately.
After removing a problematic extension, you should always reset your account passwords. Often, the recommendation is to do this for all your high-profile accounts, like your email, online banking and social media ones too. Since this could be a hassle, you should use one of the best password managers to make it easier, as many can update compromised passwords for you. A password manager can also help keep your passwords organized and safe, and can automatically generate strong and unique passwords for each of your online accounts.
I also always recommend using the best antivirus software. An antivirus program may not have caught these malicious extensions, but it can scan for malware, spyware and viruses to help you deal with the fallout from a campaign like this one. Antivirus programs also have browser extensions that can warn you when you try to visit suspicious websites, can help protect your data with cloud backups and can provide you with a VPN and other extras that add an extra layer of security when you're online.
Given how effective malicious extensions like the ones described above have been in the past, I highly doubt cybercriminals are going to stop using them soon. Instead, it's up to you to remain vigilant when it comes to downloading and using new browser extensions. When in doubt though, consider whether or not you really need a particular extension before downloading and adding it to your browser.
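One way to review which installed extensions can read meeting pages, as an added example that is not part of the original article or of Koi Security's research: the script below reads Chromium-style extension manifests and lists the match patterns that reach meeting sites. The host list, the `<id>/<version>/manifest.json` folder layout passed to `audit_profile` and the sample manifests are assumptions constructed for illustration; a hit means the extension can see meeting pages, not that it is malicious.

```python
import json
from pathlib import Path

# Assumption: hosts picked for illustration; the article names only Zoom and Google Meet.
MEETING_HOSTS = ("zoom.us", "meet.google.com")
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def covers_meeting_host(pattern):
    """True if a WebExtension match pattern grants access to a meeting host."""
    if pattern in BROAD:
        return True
    if "://" not in pattern:          # API permission such as "storage", not a host
        return False
    host = pattern.split("://", 1)[1].split("/", 1)[0]
    if host == "*":
        return True
    wildcard = host.startswith("*.")
    base = host[2:] if wildcard else host
    for meeting in MEETING_HOSTS:
        if base == meeting or base.endswith("." + meeting):
            return True               # pattern targets the meeting site itself
        if wildcard and meeting.endswith("." + base):
            return True               # wildcard over a parent domain
    return False

def audit_manifest(manifest):
    """Return the sorted match patterns that let an extension read meeting pages."""
    patterns = list(manifest.get("host_permissions", []))   # Manifest V3
    patterns += manifest.get("permissions", [])             # Manifest V2 mixes hosts in here
    for script in manifest.get("content_scripts", []):
        patterns += script.get("matches", [])
    return sorted({p for p in patterns if isinstance(p, str) and covers_meeting_host(p)})

def audit_profile(extensions_dir):
    """Map extension ID -> risky patterns for <dir>/<id>/<version>/manifest.json."""
    findings = {}
    for path in Path(extensions_dir).glob("*/*/manifest.json"):
        hits = audit_manifest(json.loads(path.read_text(encoding="utf-8-sig")))
        if hits:
            findings[path.parent.parent.name] = hits
    return findings

# Constructed sample manifests, not taken from any real extension.
SAMPLE_MEETING_HELPER = {
    "manifest_version": 3, "name": "Meeting Helper (constructed)",
    "permissions": ["storage"], "host_permissions": ["https://*.zoom.us/*"],
    "content_scripts": [{"matches": ["https://meet.google.com/*"], "js": ["c.js"]}],
}
SAMPLE_NOTES = {"manifest_version": 3, "name": "Notes (constructed)",
                "permissions": ["storage"], "host_permissions": ["https://example.org/*"]}
```

Call `audit_profile()` with the path to a Chromium-based browser profile's `Extensions` folder, then compare each reported ID against the extensions you actually recognise and still use.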
Amber Bouman is the senior security editor at Tom's Guide where she writes about antivirus software, home security, identity theft and more. She has long had an interest in personal security, both online and off, and also has an appreciation for martial arts and edged weapons. With over two decades of experience working in tech journalism, Amber has written for a number of publications including PC World, Maximum PC, Tech Hive, and Engadget covering everything from smartphones to smart breast pumps.
