Just as malicious apps can be installed on your phone, browser, and extensions, installing a dangerous extension on Chrome can infect your computer. Similarly, even legitimate extensions can turn malicious if tampered with by hackers.

As reported by The Hacker News, a dangerous new campaign targeting browser extensions has been discovered online. So far, at least 16 extensions have been compromised, putting more than 600,000 Chrome users at risk of having their browsing data and account information exposed online.

Here is all the information you need to know about this new campaign, including a complete list of all extensions compromised so far, as well as tips and tricks to protect yourself from falling victim to these malicious Chrome extensions.

Cybersecurity firm Cyberhaven was first hit after one of its employees was targeted by a phishing attack on Christmas Eve.

To make the initial phishing email more convincing, the hackers behind the campaign made it appear that the message came from Google Chrome Web Store developer support. The email attempted to create a sense of urgency by claiming that the company's extensions would soon be removed from the Chrome Web Store for violating Google's Developer Program Policy.

From there, targeted employees were prompted to click on a link to accept the search giant's new policy. When they did so, they were redirected to a page that gave them permission to access a malicious OAuth app named “Privacy Policy Extension.”

Cyberhaven explained in a blog post that once the necessary permissions were granted, the hacker in question uploaded the malicious Chrome extension from his company account to the Chrome Web Store. After a mandatory security review, the extension was approved and made available for download to all of Chrome's 3.45 billion users.

Credibly, Cyberhaven notified all customers about the incident on December 26 after removing the compromised extension from the Chrome Web Store. The cybersecurity firm is also working with federal law enforcement agencies to help track down the hackers who injected malicious code into its extensions.

Although Cyberhaven was the first, it is not the only company whose Chrome extensions have been tampered with by hackers. Secure Annex, a browser extension security platform, is currently conducting its own investigation into the issue and has so far discovered that more than 20 extensions have been tampered with:

Some of these compromised extensions are now Chrome Web Store, but if they are installed in your browser, you will need to remove them manually:

To do this, open Chrome, click on the three dots menu in the upper right corner, and head to Extensions. There, select Manage Extensions, navigate to the extension you wish to remove, and select Remove to uninstall it. Finally, restart Chrome to ensure that the extension in question has been completely removed from your browser.

If there is an extension that you absolutely need and rely on on a daily basis, check the extension's store page later and re-download it once the patch removes the extension with embedded malicious code.

It is also worth noting that Secure Annex's investigation is ongoing. The company has published a spreadsheet (a publicly available Google Sheet) with detailed information about the malicious extensions it has discovered so far, including whether they have been updated or removed. At the same time, the company is adding new malicious extensions discovered to this list.

As with any phone that uses malicious apps, the easiest way to avoid falling victim to malicious browser extensions is to limit the number you install. Before installing a new extension, first ask yourself if you really need it. You probably don't need it.

From there, you want to carefully check each extension's listing page in the Chrome Web Store before installing it. Does the developer have a good reputation? When was the last time the extension was updated. What are the reviews about this extension? In my experience, Chrome users are very clear in their reviews whether an extension really does what the developer says it does.

As seen in this new campaign, even legitimate Chrome extensions can go bad, so you also want to make sure that all of your computer software (especially your browser) is up to date. Hackers love to target users with outdated software.

To protect yourself from malicious extensions, you want to make sure you are using the best antivirus software on Windows computers and the best Mac antivirus software solution on Apple computers. Antivirus software can help if a rogue extension tries to drop malware on your PC. But for additional protection, it may be worth investing in the best identity theft protection service.

Whether it's an app or an extension, hackers will continue to use the extra software you install on your phone, computer, or browser for attacks. Malicious extensions may not be as common as malicious apps. However, Google's browser is an easy and profitable target for hackers, since Chrome accounts for two-thirds of the global browser market share, according to Statista. In other words, you need to be extremely careful when installing new extensions, even if they seem harmless at first glance.