A coordinated campaign of 108 malicious Chrome extensions has been discovered stealing Telegram sessions, harvesting Google OAuth identities, and deploying universal backdoors. Operating as a Malware-as-a-Service platform via shared C2 infrastructure, the extensions bypass security headers and inject arbitrary content while masquerading as legitimate tools and games.