Trend Micro detected a new botnet dubbed Droidclub distributed through malicious chrome extensions. Attackers used malvertising and social engineering methods to display fake messages that tricks users into installing the malicious extensions. More than 423,992 users have been affected with the bot and a total of 89 extensions removed from chrome web store. The malicious extensions reported to Google by Trend Micro and they are disabled now. The combination of the extension and the library can steal data entered into forms such as names, credit card numbers, CVV numbers, email addresses, and phone numbers.”]
Source: https://gbhackers.com/droidclub-botnet-chrome-extensions/