Six more developers have had their Chrome extensions hijacked in the past four months. Attackers used phishing emails to fool developers into handing over login credentials for their Chrome developer accounts. Researchers found malicious code added to these extensions was specially crafted to carry out the following operations: Retrieve a JavaScript file from a random DGA-generated domain, harvest Cloudflare credentials from the user’s browser, replace ads on legitimate sites with ads supplied by the hijacker. All eight extensions have been hijacked and delivered malicious code to nearly 4.8 million users.
Source: https://www.bleepingcomputer.com/news/security/eight-chrome-extensions-hijacked-to-deliver-malicious-code-to-4-8-million-users/