Originally reported by BleepingComputer
TL;DR
The QuickLens Chrome extension was compromised to deliver crypto-stealing malware to thousands of users through ClickFix social engineering tactics. Google has since removed the malicious extension from the Chrome Web Store.
Although thousands of users were exposed to crypto-theft malware, this was a contained supply chain compromise of a single browser extension that has since been removed from the store, rather than active widespread exploitation.
A Chrome extension named "QuickLens - Search Screen with Google Lens" was removed from the Chrome Web Store after being compromised to distribute malware targeting cryptocurrency assets, according to BleepingComputer's analysis. The extension affected thousands of users before its removal.
The compromised extension employed ClickFix attack techniques, a social engineering method that tricks users into executing malicious code by presenting fake error messages or system prompts. This tactic has become increasingly prevalent in browser-based attacks, leveraging user trust in seemingly legitimate system notifications.
The QuickLens extension, which originally provided legitimate Google Lens search functionality, was modified to:
This incident highlights ongoing risks in the browser extension ecosystem, where legitimate tools can be compromised post-publication to deliver malicious payloads. The attack demonstrates how threat actors continue to exploit the trusted distribution channels of major platforms like the Chrome Web Store.
The extension's removal indicates Google's detection systems eventually identified the malicious behavior, though not before potentially significant user impact occurred.
Security teams should consider implementing policies around browser extension management, including regular audits of installed extensions and monitoring for suspicious extension behavior. Users in cryptocurrency-adjacent roles represent higher-value targets for these types of supply chain compromises.
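One way to run the extension audit recommended above, as an added example that is not part of the original report. It assumes Chrome's on-disk layout of `<profile>/Extensions/<id>/<version>/manifest.json`, and it matches on display name only because the report gives no extension ID; the function names are hypothetical.

```python
import json
import re
import sys
from pathlib import Path

# Display name from the report. Matching is by name because the report gives no extension ID.
FLAGGED_NAMES = {"quicklens - search screen with google lens"}
MSG_REF = re.compile(r"^__MSG_(.+)__$")


def resolve_name(version_dir: Path, manifest: dict) -> str:
    """Return the display name, resolving __MSG_key__ via _locales/<default_locale>."""
    name = str(manifest.get("name", ""))
    ref = MSG_REF.match(name)
    if not ref:
        return name
    locale = str(manifest.get("default_locale", "en"))
    messages_file = version_dir / "_locales" / locale / "messages.json"
    try:
        messages = json.loads(messages_file.read_text(encoding="utf-8-sig"))
        by_key = {k.lower(): v for k, v in messages.items()}  # keys are case-insensitive
        return str(by_key.get(ref.group(1).lower(), {}).get("message", name))
    except (OSError, ValueError, AttributeError):
        return name  # keep the raw placeholder so the entry is still reported


def audit_extensions(extensions_dir: Path) -> list[dict]:
    """Inventory every installed extension version and flag known-bad display names."""
    findings = []
    for manifest_path in sorted(extensions_dir.glob("*/*/manifest.json")):
        version_dir = manifest_path.parent
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8-sig"))
            manifest = manifest if isinstance(manifest, dict) else {}
        except (OSError, ValueError):
            manifest = {}  # unreadable manifest: still listed so it gets a manual look
        name = resolve_name(version_dir, manifest)
        findings.append({
            "id": version_dir.parent.name,
            "version": manifest.get("version", version_dir.name),
            "name": name,
            "permissions": manifest.get("permissions", []),
            "flagged": name.strip().lower() in FLAGGED_NAMES,
        })
    return findings


if __name__ == "__main__":
    for item in audit_extensions(Path(sys.argv[1])):
        print(("FLAGGED " if item["flagged"] else "ok      ") + f"{item['id']} {item['version']} {item['name']}")
```

Pass the path to a profile's `Extensions` directory as the only argument. A display name is easy to change, so treat a name match as a lead for review and use the permissions column to prioritise the rest of the inventory.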