Sources:
https://www.bleepingcomputer.com/news/security/quicklens-chrome-extension-steals-crypto-shows-clickfix-attack/
https://annex.security/blog/pixel-perfect/
Official Discord Server - https://discord.gg/cqqWYDdcBn
Follow me on X - https://www.twitter.com/atericparker | atericparker.bsky.social


Disclaimer: The content in this video is for education and entertainment purposes to showcase the dangers of malware & malicious software. I do not encourage any form of illegal hacking or piracy.



(C) Eric Parker 2026

Eric Parker

A legitimate Chrome extension called Quick Lens was sold on a marketplace and converted into malware that stole crypto and deployed ClickFix attacks on 7,000 users. The extension gained new permissions to strip browser security headers, enabling JavaScript injection from a C2 server. A marketplace exists where extensions with zero revenue are sold, likely for malware distribution purposes. Secure Annex, a security firm monitoring Chrome extensions, detected the ownership change and malicious code. The broader threat is that any popular extension can be acquired and weaponized, and the solution requires browsers and marketplaces to enforce ownership disclosure and stricter reviews.

What happens when Chrome Extensions get sold?