{"id":24240,"date":"2026-05-07T10:00:36","date_gmt":"2026-05-07T03:00:36","guid":{"rendered":"https:\/\/fpt-is.com\/en\/?post_type=goc_nhin_so&#038;p=24240"},"modified":"2026-06-23T14:11:45","modified_gmt":"2026-06-23T07:11:45","slug":"108-chrome-extensions-are-secretly-stealing-your-account","status":"publish","type":"goc_nhin_so","link":"https:\/\/fpt-is.com\/en\/insights\/108-chrome-extensions-are-secretly-stealing-your-account\/","title":{"rendered":"108 Chrome Extensions are secretly stealing your account &#8211; Are you on the list of victims?"},"content":{"rendered":"<h2 id=\"summary-of-the-campaign\"><span style=\"font-family: arial, helvetica, sans-serif\">Summary of the campaign<\/span><\/h2>\n<p><span style=\"font-family: arial, helvetica, sans-serif\">How did 108 independent Chrome extensions &#8211; from text translation apps to seemingly harmless minigames &#8211; bypass security censorship and silently manipulate over 20,000 browsers? In-depth analysis reveals that all these extensions are fronts, controlled by a single C2 server network operating under a Malware-as-a-Service (MaaS) model. This sophisticated campaign avoids damaging devices to evade detection; instead, it quietly acts like an undercover scout: permanently hijacking Google OAuth identities, periodically &#8220;gutting&#8221; Telegram Web login sessions every 15 seconds, and directly inserting a backdoor into the victim&#8217;s interface. The thought-provoking question for every organization is whether the translation tools or sidebars employees use daily are directly sending internal data to unknown servers. The urgent action now is to review extension installation logs and immediately block the controlling IP range to stop the chain of trust leaks.<\/span><\/p>\n<p><span style=\"font-family: arial, helvetica, sans-serif\"><img decoding=\"async\" class=\"aligncenter size-full wp-image-24241\" src=\"https:\/\/cdn.fpt-is.com\/en\/sites\/3\/2026\/05\/145178c9-7799-4688-a2e2-ed9247b700c6-1777948292.png\" alt=\"145178c9 7799 4688 A2e2 Ed9247b700c6 1777948292\" width=\"1136\" height=\"1584\" srcset=\"https:\/\/cdn.fpt-is.com\/en\/sites\/3\/2026\/05\/145178c9-7799-4688-a2e2-ed9247b700c6-1777948292.png 1136w, https:\/\/cdn.fpt-is.com\/en\/sites\/3\/2026\/05\/145178c9-7799-4688-a2e2-ed9247b700c6-1777948292-700x976.png 700w\" sizes=\"(max-width: 1136px) 100vw, 1136px\" \/><\/span><\/p>\n<h2 id=\"detection-and-scope-of-impact\"><span style=\"font-family: arial, helvetica, sans-serif\">Detection and Scope of Impact<\/span><\/h2>\n<p><span style=\"font-family: arial, helvetica, sans-serif\">According to the initial analysis, exactly 108 extensions containing malware have been or are being distributed through the Chrome Web Store. Although carefully disguised and released under the names of five independent publishers, including Yana Project, GameGen, SideGames, Rodeo Games, and InterAlt, all these extensions point to a single backend server system. The exploited extensions cover a wide range, targeting all consumer segments: Telegram chat tools in sidebar form, slot machine gambling software, modules for optimizing YouTube\/TikTok resolution, multilingual translation tools, and traditional web display extensions. These malicious programs fully mimic the advertised functionality to deceive users, while the criminal modules&#8230;<\/span><\/p>\n<h2 id=\"the-exploitation-process\"><span style=\"font-family: arial, helvetica, sans-serif\">The exploitation process<\/span><\/h2>\n<p><span style=\"font-family: arial, helvetica, sans-serif\"><img decoding=\"async\" class=\"aligncenter size-full wp-image-24242\" src=\"https:\/\/cdn.fpt-is.com\/en\/sites\/3\/2026\/05\/1d945823-a62b-4505-87bd-4d84026e3e5f-1777948384.png\" alt=\"1d945823 A62b 4505 87bd 4d84026e3e5f 1777948384\" width=\"1280\" height=\"853\" srcset=\"https:\/\/cdn.fpt-is.com\/en\/sites\/3\/2026\/05\/1d945823-a62b-4505-87bd-4d84026e3e5f-1777948384.png 1280w, https:\/\/cdn.fpt-is.com\/en\/sites\/3\/2026\/05\/1d945823-a62b-4505-87bd-4d84026e3e5f-1777948384-700x466.png 700w, https:\/\/cdn.fpt-is.com\/en\/sites\/3\/2026\/05\/1d945823-a62b-4505-87bd-4d84026e3e5f-1777948384-406x271.png 406w\" sizes=\"(max-width: 1280px) 100vw, 1280px\" \/><\/span><\/p>\n<p><span style=\"font-family: arial, helvetica, sans-serif\"><strong>Initial Access (T1189 &#8211; Drive-by Compromise)<\/strong><\/span><\/p>\n<p><span style=\"font-family: arial, helvetica, sans-serif\">Attackers trick victims into installing seemingly legitimate extensions from the official Chrome Web Store to establish a foothold for internal attacks.<\/span><\/p>\n<p><span style=\"font-family: arial, helvetica, sans-serif\"><strong>Execution (T1059 &#8211; Command and Scripting Interpreter)<\/strong><\/span><\/p>\n<p><span style=\"font-family: arial, helvetica, sans-serif\">As soon as the browser starts, hidden scripts (e.g., loadInfo()) and background runtime are invoked to automatically execute data collection cycles using background installation permissions.<\/span><\/p>\n<p><span style=\"font-family: arial, helvetica, sans-serif\"><strong>Credential Access (T1539 &#8211; Steal Web Session Cookie \/ T1552 &#8211; Unsecured Credentials)<\/strong><\/span><\/p>\n<p><span style=\"font-family: arial, helvetica, sans-serif\">Google Account: The extension sends a webhook to call Google&#8217;s OAuth2 API to request permanent profile data (subject ID, email, name).<\/span><\/p>\n<p><span style=\"font-family: arial, helvetica, sans-serif\">Telegram Account: The malware actively queries the localStorage variable, periodically extracting the key containing the user_auth parameter of Telegram Web.<\/span><\/p>\n<p><span style=\"font-family: arial, helvetica, sans-serif\"><img decoding=\"async\" class=\"aligncenter size-full wp-image-24243\" src=\"https:\/\/cdn.fpt-is.com\/en\/sites\/3\/2026\/05\/43a28e6c-98e6-48de-b216-d4a4dd65e0b9-1777948449.png\" alt=\"43a28e6c 98e6 48de B216 D4a4dd65e0b9 1777948449\" width=\"771\" height=\"182\" srcset=\"https:\/\/cdn.fpt-is.com\/en\/sites\/3\/2026\/05\/43a28e6c-98e6-48de-b216-d4a4dd65e0b9-1777948449.png 771w, https:\/\/cdn.fpt-is.com\/en\/sites\/3\/2026\/05\/43a28e6c-98e6-48de-b216-d4a4dd65e0b9-1777948449-700x165.png 700w\" sizes=\"(max-width: 771px) 100vw, 771px\" \/><\/span><\/p>\n<p><span style=\"font-family: arial, helvetica, sans-serif\"><strong>Collection (T1114 &#8211; Email Collection\/Info Theft)<\/strong><\/span><\/p>\n<p><span style=\"font-family: arial, helvetica, sans-serif\">Text translation tools capture all the victim&#8217;s language query strings due to their ability to read the text input frame, attach them to the X-Key parameter, and steal them. Every draft and secret message that needs to be copied for translation is recorded.<\/span><\/p>\n<p><span style=\"font-family: arial, helvetica, sans-serif\"><strong>Command and Control (T1071.001 &#8211; Web Protocols)<\/strong><\/span><\/p>\n<p><span style=\"font-family: arial, helvetica, sans-serif\">All data is illicitly transferred via the TLS protocol directly to the subdomains of cloudapi[.]stream. The attacker maintains a strong C2 capable of sending custom HTML parameters, inserting a backdoor that forces the browser to load remote URL code without user intervention.<\/span><\/p>\n<p><span style=\"font-family: arial, helvetica, sans-serif\"><img decoding=\"async\" class=\"aligncenter size-full wp-image-24244\" src=\"https:\/\/cdn.fpt-is.com\/en\/sites\/3\/2026\/05\/Command-and-Control-T1071.001-Web-Protocols-1777948661.png\" alt=\"Command And Control (t1071.001 Web Protocols) 1777948661\" width=\"762\" height=\"143\" srcset=\"https:\/\/cdn.fpt-is.com\/en\/sites\/3\/2026\/05\/Command-and-Control-T1071.001-Web-Protocols-1777948661.png 762w, https:\/\/cdn.fpt-is.com\/en\/sites\/3\/2026\/05\/Command-and-Control-T1071.001-Web-Protocols-1777948661-700x131.png 700w\" sizes=\"(max-width: 762px) 100vw, 762px\" \/><\/span><\/p>\n<p><span style=\"font-family: arial, helvetica, sans-serif\"><img decoding=\"async\" class=\"size-full wp-image-24245 alignnone\" src=\"https:\/\/cdn.fpt-is.com\/en\/sites\/3\/2026\/05\/Command-and-Control-T1071.001-Web-Protocols-1777948687.png\" alt=\"Command And Control (t1071.001 Web Protocols) 1777948687\" width=\"1298\" height=\"560\" srcset=\"https:\/\/cdn.fpt-is.com\/en\/sites\/3\/2026\/05\/Command-and-Control-T1071.001-Web-Protocols-1777948687.png 1298w, https:\/\/cdn.fpt-is.com\/en\/sites\/3\/2026\/05\/Command-and-Control-T1071.001-Web-Protocols-1777948687-700x302.png 700w\" sizes=\"(max-width: 1298px) 100vw, 1298px\" \/><\/span><\/p>\n<h2 id=\"detailed-technical-analysis\"><span style=\"font-family: arial, helvetica, sans-serif\">Detailed Technical Analysis<\/span><\/h2>\n<h3 id=\"steal-telegram-session-periodically\"><span style=\"font-family: arial, helvetica, sans-serif\">Steal Telegram session periodically<\/span><\/h3>\n<p><span style=\"font-family: arial, helvetica, sans-serif\">In the group of extensions masquerading as Telegram integration tools (like Telegram Multi-account), the malware injects the target content.js file into the domain\u00a0<a href=\"https:\/\/web.telegram.org\/%5C\" target=\"_blank\" rel=\"noopener ugc nofollow\">https:\/\/web.telegram.org\/\\<\/a>*. The function getSessionDataJson() scans and exhausts the localStorage area, extracting the web session authentication string and directly transferring it via chrome.runtime.sendMessage().<\/span><\/p>\n<p><span style=\"font-family: arial, helvetica, sans-serif\"><img decoding=\"async\" class=\"aligncenter size-full wp-image-24246\" src=\"https:\/\/cdn.fpt-is.com\/en\/sites\/3\/2026\/05\/Steal-Telegram-session-periodically-1777948726.png\" alt=\"Steal Telegram Session Periodically 1777948726\" width=\"865\" height=\"189\" srcset=\"https:\/\/cdn.fpt-is.com\/en\/sites\/3\/2026\/05\/Steal-Telegram-session-periodically-1777948726.png 865w, https:\/\/cdn.fpt-is.com\/en\/sites\/3\/2026\/05\/Steal-Telegram-session-periodically-1777948726-700x153.png 700w\" sizes=\"(max-width: 865px) 100vw, 865px\" \/><\/span><\/p>\n<p><span style=\"font-family: arial, helvetica, sans-serif\">The level of manipulation by the C2 reaches unpredictable heights with the webhook command set_session_changed. After intercepting the request, the server deletes the entire current localStorage and inserts a foreign token. This trick aims to force the victim out of their actual account and use the victim&#8217;s own browser to log in with a different malicious profile.<\/span><\/p>\n<h3 id=\"exploiting-google-oauth2-identification\"><span style=\"font-family: arial, helvetica, sans-serif\">Exploiting Google OAuth2 Identification<\/span><\/h3>\n<p><span style=\"font-family: arial, helvetica, sans-serif\">Instead of attempting phishing for passwords, which carries a high risk of being blocked, 54 extensions in this campaign target Google identity at the infrastructure level. They use the function chrome.identity.getAuthToken to request tokens from users. Once successful, the data sent back to the C2 server includes the permanent sub identifier, along with the email and real name. Collecting the sub index helps the criminals&#8217; CRM cross-reference and ensures they never lose track of the user, even if the victim changes their email later.<\/span><\/p>\n<p><span style=\"font-family: arial, helvetica, sans-serif\"><img decoding=\"async\" class=\"aligncenter size-full wp-image-24247\" src=\"https:\/\/cdn.fpt-is.com\/en\/sites\/3\/2026\/05\/Exploiting-Google-OAuth2-Identification-1777948785.png\" alt=\"Exploiting Google Oauth2 Identification 1777948785\" width=\"806\" height=\"670\" srcset=\"https:\/\/cdn.fpt-is.com\/en\/sites\/3\/2026\/05\/Exploiting-Google-OAuth2-Identification-1777948785.png 806w, https:\/\/cdn.fpt-is.com\/en\/sites\/3\/2026\/05\/Exploiting-Google-OAuth2-Identification-1777948785-700x582.png 700w\" sizes=\"(max-width: 806px) 100vw, 806px\" \/><\/span><\/p>\n<p><span style=\"font-family: arial, helvetica, sans-serif\">All Client IDs (about 56 IDs) configured for this purpose belong to only 2 Google Cloud projects: 1096126762051 and 170835003632. This fact alone dispels the facade of separation by the five different publisher names.<\/span><\/p>\n<h3 id=\"universal-backdoor-loadinfo\"><span style=\"font-family: arial, helvetica, sans-serif\"><strong>Universal Backdoor<\/strong>\u00a0<code>loadInfo()<\/code><\/span><\/h3>\n<p><span style=\"font-family: arial, helvetica, sans-serif\">A critical security vulnerability within internal networks lies in the backdoor feature loadInfo(), spread across at least 45 original background configuration files. When Chrome is about to launch, the malware connects to the C2 address. If the response returns a JSON parameter infoURL, the C2 forces the extension to secretly create a tab and immediately redirect the URL. Source analysis shows loadInfo() often uses a concise async\/await technique in minified code format, indicating the insertion of external code rather than from a professional original code source.<\/span><\/p>\n<h3 id=\"x-ro-configuration-security-header\"><span style=\"font-family: arial, helvetica, sans-serif\">Configuration Security Header<\/span><\/h3>\n<p><span style=\"font-family: arial, helvetica, sans-serif\">Instead of attacking webRequest, five extensions have exploited the declarativeNetRequest API (a feature of Manifest V3, known for being more stringent) to strip protection:<\/span><\/p>\n<ul>\n<li><span style=\"font-family: arial, helvetica, sans-serif\">Remove the Content-Security-Policy and X-Frame-Options directives from the target website (TikTok, YouTube).<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\">Force the Access-Control-Allow-Origin: * parameter.<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\">Spoof the User-Agent.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-family: arial, helvetica, sans-serif\">When all barriers have collapsed, the malware uses unsafe DOM-injection with the innerHTML variable. This results in automatically injecting junk HTML code and slot machine ads directly into the user interfaces of YouTube and TikTok.<\/span><\/p>\n<h2 id=\"command-and-control-c2-server-infrastructure\"><span style=\"font-family: arial, helvetica, sans-serif\">Command and Control (C2) server infrastructure<\/span><\/h2>\n<p><span style=\"font-family: arial, helvetica, sans-serif\">The backend sketch of the 108 malware network fully reveals the C2 infrastructure located at Contabo GmbH VPS, IP 144.126.135.238. The server architecture uses Strapi CMS with a PostgreSQL data core, organized by subdomain, following a standard Malware-as-a-Service ecosystem.<\/span><\/p>\n<ul>\n<li><span style=\"font-family: arial, helvetica, sans-serif\">tg[.]cloudapi[.]stream: Module exfiltration (Endpoint trace with \/save_session.php).<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\">mines[.]cloudapi[.]stream: Endpoint for Google identification, providing payload \/user_info for tab-open backdoor.<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\">topup[.]cloudapi[.]stream: Station issuing paid portal.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-family: arial, helvetica, sans-serif\"><img decoding=\"async\" class=\"aligncenter size-full wp-image-24248\" src=\"https:\/\/cdn.fpt-is.com\/en\/sites\/3\/2026\/05\/Command-and-Control-C2-server-infrastructure-1777948902.png\" alt=\"Command And Control (c2) Server Infrastructure 1777948902\" width=\"1779\" height=\"791\" srcset=\"https:\/\/cdn.fpt-is.com\/en\/sites\/3\/2026\/05\/Command-and-Control-C2-server-infrastructure-1777948902.png 1779w, https:\/\/cdn.fpt-is.com\/en\/sites\/3\/2026\/05\/Command-and-Control-C2-server-infrastructure-1777948902-700x311.png 700w\" sizes=\"(max-width: 1779px) 100vw, 1779px\" \/><\/span><\/p>\n<p><span style=\"font-family: arial, helvetica, sans-serif\"><img decoding=\"async\" class=\"aligncenter size-full wp-image-24249\" src=\"https:\/\/cdn.fpt-is.com\/en\/sites\/3\/2026\/05\/Command-and-Control-C2-server-infrastructure-22-1777948922.png\" alt=\"Command And Control (c2) Server Infrastructure 22 1777948922\" width=\"1280\" height=\"1828\" srcset=\"https:\/\/cdn.fpt-is.com\/en\/sites\/3\/2026\/05\/Command-and-Control-C2-server-infrastructure-22-1777948922.png 1280w, https:\/\/cdn.fpt-is.com\/en\/sites\/3\/2026\/05\/Command-and-Control-C2-server-infrastructure-22-1777948922-700x1000.png 700w\" sizes=\"(max-width: 1280px) 100vw, 1280px\" \/><\/span><\/p>\n<h2 id=\"the-main-impact-of-the-campaign\"><span style=\"font-family: arial, helvetica, sans-serif\">The main impact of the campaign<\/span><\/h2>\n<p><span style=\"font-family: arial, helvetica, sans-serif\">Instead of conducting ransomware encryption or system destruction, this campaign of distributing 108 extensions focuses on gathering intelligence and exploiting long-term trust. The direct impact chain includes:<\/span><\/p>\n<ul>\n<li><span style=\"font-family: arial, helvetica, sans-serif\">Silent corporate data leaks (DLP Bypass): Translation and text processing tools are covertly sending all content handled by employees to the C2. This poses a risk of exposing source code, confidential contracts, and business secrets, which DLP solutions find difficult to detect due to packets being encrypted through Chrome&#8217;s standard TLS layer.<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\">Widespread Account Takeover (ATO): By stealing OAuth tokens directly and extracting localStorage data from Telegram Web, the attacker maintains a backdoor to access internal resources, completely bypassing two-factor authentication (2FA\/MFA). This allows them to turn real identity accounts into bait for future internal phishing campaigns.<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\">Exploitation and attack on the local supply chain: With the backdoor loadInfo(), the browsers of tens of thousands of personnel can be commanded by the C2 to open tabs running scripts to DDoS other targets, download OS-level malicious payloads, or simply manipulate displayed content (DOM-injection) to insert financial ads and scams directly onto their work screens.<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\">Serious compliance violations: The overall picture reveals significant weaknesses in the organization&#8217;s endpoint management (BYOD or lack of Allowlist Extension policy). It threatens strict security standards like ISO 27001 or PCI DSS when devices carry uncontrolled risks.<\/span><\/li>\n<\/ul>\n<h2 id=\"expert-opinion\"><span style=\"font-family: arial, helvetica, sans-serif\">Expert opinion<\/span><\/h2>\n<p><span style=\"font-family: arial, helvetica, sans-serif\">The evolution of software in official stores often creates a false sense of security, yet risks are growing in the era of Manifest V3. Many cybersecurity engineers assume that updating Chrome&#8217;s Manifest V3 will &#8220;patch&#8221; malware by eliminating the ability to block\/modify webRequest packets. On the contrary, this campaign of 108 extensions clearly demonstrates how hackers have perfectly adapted by exploiting the available API\u2014declarativeNetRequest. They blur the line between content moderation and violating Content-Security-Policy.<\/span><\/p>\n<p><span style=\"font-family: arial, helvetica, sans-serif\">In the bigger picture, this is not an isolated act of individual theft but a smooth criminal business process (MaaS). The backend system manages cross-identity (Google Subject ID), builds Telegram Session warehouses, and maintains a separate payment module, illustrating the remarkably organized scale of this hacker group. The critical point for organizations lies in seemingly benign plugins like &#8220;Translation tool.&#8221; When employees copy and translate regular text (sensitive contracts, code, architectural configurations), they rely on this intermediary channel to silently push data to the hidden \/Translation request of the C2. A current Data Loss Prevention (DLP) solution struggles to detect these silent leaks passing through the SSL\/HTTPS layer, often mistakenly perceived as a natural application feature.<\/span><\/p>\n<h2 id=\"recommendation\"><span style=\"font-family: arial, helvetica, sans-serif\">Recommendation<\/span><\/h2>\n<p><span style=\"font-family: arial, helvetica, sans-serif\"><strong>Immediate (0-24h)<\/strong><\/span><\/p>\n<ul>\n<li><span style=\"font-family: arial, helvetica, sans-serif\">Review the DNS filter system, EDR, and web proxy firewall, and ensure the addition of rules to completely deny and block inbound\/outbound traffic with domains *.cloudapi[.]stream, top[.]rodeo, and IP 144.126.135.238.<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\">Initiate a centralized scan from Endpoint Manager or Active Directory on all devices. Force uninstall if a match is found with the extension ID strings in the whitelist. Simultaneously, force logout (revoke credentials) for any suspicious sessions working with Google.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-family: arial, helvetica, sans-serif\"><strong>Short-term (1-7 days)<\/strong><\/span><\/p>\n<ul>\n<li><span style=\"font-family: arial, helvetica, sans-serif\">Develop SIEM Correlation Rules to hunt for unusual actors, especially user-agent groups with a strong connection history to web.telegram.org or\u00a0<a href=\"https:\/\/www.googleapis.com\/oauth2\/v3\/userinfo\" target=\"_blank\" rel=\"noopener ugc nofollow\">https:\/\/www.googleapis.com\/oauth2\/v3\/userinfo<\/a>\u00a0not originating from the main Desktop\/Web App.<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\">Establish a process to clear caches and local tokens for suspicious users.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-family: arial, helvetica, sans-serif\"><strong>Long-term<\/strong><\/span><\/p>\n<ul>\n<li><span style=\"font-family: arial, helvetica, sans-serif\">Switch entirely from a passive &#8220;Blocklist&#8221; model to an active &#8220;Allowlist&#8221; for all extensions operating on devices. The company should approve only plugins from publishers with a trust tier and a publicly available patch repository. Block any interference from extensions to internal domains.<\/span><\/li>\n<\/ul>\n<h2 id=\"mitre-attampck\"><span style=\"font-family: arial, helvetica, sans-serif\"><strong>MITRE ATT&amp;CK<\/strong><\/span><\/h2>\n<ul>\n<li><span style=\"font-family: arial, helvetica, sans-serif\">T1176 &#8211; Browser Extensions<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\">T1539 &#8211; Steal Web Session Cookie<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\">T1528 &#8211; Steal Application Access Token<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\">T1041 &#8211; Exfiltration Over C2 Channel<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\">T1071.001 &#8211; Application Layer Protocol: Web Protocols<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\">T1027 &#8211; Obfuscated Files or Information<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\">T1185 &#8211; Browser Session Hijacking<\/span><\/li>\n<\/ul>\n<h2 id=\"indicators-of-compromise-iocs\"><span style=\"font-family: arial, helvetica, sans-serif\"><strong>Indicators of Compromise (IOCs)<\/strong><\/span><\/h2>\n<h4 id=\"email-address\"><span style=\"font-family: arial, helvetica, sans-serif\"><strong>Email address<\/strong><\/span><\/h4>\n<ul>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><code>kiev3381917@gmail[.]com<\/code><\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><code>formatron.service@gmail[.]com<\/code><\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"http:\/\/nashprom.info\/\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>nashprom.info<\/code><\/a><code>@gmail[.]com<\/code><\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><code>viktornadiezhdin@gmail[.]com<\/code><\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><code>support@top[.]rodeo<\/code><\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><code>slava.nadejdin.kiev@gmail[.]com<\/code><\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><code>nadejdinv@gmail[.]com<\/code><\/span><\/li>\n<\/ul>\n<h4 id=\"publisher-name\"><span style=\"font-family: arial, helvetica, sans-serif\"><strong>Publisher name<\/strong><\/span><\/h4>\n<ul>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><code>Yana Project<\/code><\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><code>GameGen<\/code><\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><code>SideGames<\/code><\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><code>Rodeo Games<\/code><\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><code>InterAlt<\/code><\/span><\/li>\n<\/ul>\n<p><span style=\"font-family: arial, helvetica, sans-serif\"><strong>Project Credentials<\/strong><\/span><\/p>\n<ul>\n<li><span style=\"font-family: arial, helvetica, sans-serif\">Google Cloud Project:\u00a0<code>1096126762051<\/code><\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\">Google Cloud Project:\u00a0<code>170835003632<\/code><\/span><\/li>\n<\/ul>\n<p><span style=\"font-family: arial, helvetica, sans-serif\"><strong>Network Indicators<\/strong><\/span><\/p>\n<ul>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><code>cloudapi[.]stream<\/code><\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><code>tg[.]cloudapi[.]stream<\/code><\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><code>mines[.]cloudapi[.]stream<\/code><\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><code>topup[.]cloudapi[.]stream<\/code><\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><code>cdn[.]cloudapi[.]stream<\/code><\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><code>multiaccount[.]cloudapi[.]stream<\/code><\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><code>wheel[.]cloudapi[.]stream<\/code><\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><code>gamewss[.]cloudapi[.]stream<\/code><\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><code>api[.]cloudapi[.]stream<\/code><\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><code>chat[.]cloudapi[.]stream<\/code><\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><code>crm[.]cloudapi[.]stream<\/code><\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><code>top[.]rodeo<\/code><\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><code>metal[.]cloudapi[.]stream<\/code><\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><code>144[.]126[.]135[.]238<\/code><\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><code>coin-miner[.]cloudapi[.]stream<\/code><\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><code>goldminer[.]cloudapi[.]stream<\/code><\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><code>herculessportslegend[.]cloudapi[.]stream<\/code><\/span><\/li>\n<\/ul>\n<p><span style=\"font-family: arial, helvetica, sans-serif\"><strong>C2 Endpoints<\/strong><\/span><\/p>\n<ul>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><code>tg[.]cloudapi[.]stream\/save_session.php<\/code><\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><code>tg[.]cloudapi[.]stream\/count_sessions.php<\/code><\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><code>tg[.]cloudapi[.]stream\/get_sessions.php<\/code><\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><code>tg[.]cloudapi[.]stream\/get_session.php<\/code><\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><code>tg[.]cloudapi[.]stream\/delete_session.php<\/code><\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><code>tg[.]cloudapi[.]stream\/save_title.php<\/code><\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><code>mines[.]cloudapi[.]stream\/auth_google<\/code><\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><code>mines[.]cloudapi[.]stream\/user_info<\/code><\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><code>mines[.]cloudapi[.]stream\/slot_test\/<\/code><\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><code>api[.]cloudapi[.]stream:8443\/Register<\/code><\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><code>api[.]cloudapi[.]stream:8443\/Translation<\/code><\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><code>top[.]rodeo\/server\/remote.php<\/code><\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><code>top[.]rodeo\/server\/remote3.php<\/code><\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><code>top[.]rodeo\/notify.php<\/code><\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><code>cloudapi[.]stream\/install\/<\/code><\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><code>cloudapi[.]stream\/uninstall\/<\/code><\/span><\/li>\n<\/ul>\n<p><span style=\"font-family: arial, helvetica, sans-serif\"><strong>Chrome Extension IDs<\/strong><\/span><\/p>\n<ol>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/obifanppcpchlehkjipahhphbcbjekfa\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>obifanppcpchlehkjipahhphbcbjekfa<\/code><\/a>\u00a0&#8211; Telegram Multi-account<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/mdcfennpfgkngnibjbpnpaafcjnhcjno\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>mdcfennpfgkngnibjbpnpaafcjnhcjno<\/code><\/a>\u00a0&#8211; Web Client for Telegram &#8211; Teleside<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/mmecpiobcdbjkaijljohghhpfgngpjmk\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>mmecpiobcdbjkaijljohghhpfgngpjmk<\/code><\/a>\u00a0&#8211; YouSide &#8211; Youtube Sidebar<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/bfoofgelpmalhcmedaaeogahlmbkopfd\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>bfoofgelpmalhcmedaaeogahlmbkopfd<\/code><\/a>\u00a0&#8211; Web Client for Youtube &#8211; SideYou<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/cbfhnceafaenchbefokkngcbnejached\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>cbfhnceafaenchbefokkngcbnejached<\/code><\/a>\u00a0&#8211; Web Client for TikTok<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/ogogpebnagniggbnkbpjioobomdbmdcj\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>ogogpebnagniggbnkbpjioobomdbmdcj<\/code><\/a>\u00a0&#8211; Text Translation<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/ldmnhdllijbchflpbmnlgndfnlgmkgif\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>ldmnhdllijbchflpbmnlgndfnlgmkgif<\/code><\/a>\u00a0&#8211; Page Locker<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/lnajjhohknhgemncbaomjjjpmpdigedg\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>lnajjhohknhgemncbaomjjjpmpdigedg<\/code><\/a>\u00a0&#8211; Page Auto Refresh<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/aecccajigpipkpioaidignbgbeekglkd\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>aecccajigpipkpioaidignbgbeekglkd<\/code><\/a>\u00a0&#8211; Web Client for Rugby Rush &#8211; SideGame<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/akebbllmckjphjiojeioooidhnddnplj\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>akebbllmckjphjiojeioooidhnddnplj<\/code><\/a>\u00a0&#8211; Formula Rush Racing Game<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/akifdnfipbeoonhoeabdicnlcdhghmpn\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>akifdnfipbeoonhoeabdicnlcdhghmpn<\/code><\/a>\u00a0&#8211; Piggy Prizes &#8211; Slot Machine<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/akkkopcadaalekbdgpdikhdablkgjagd\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>akkkopcadaalekbdgpdikhdablkgjagd<\/code><\/a>\u00a0&#8211; Slot Arabian<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/alkfljfjkpiccfgbeocbbjjladigcleg\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>alkfljfjkpiccfgbeocbbjjladigcleg<\/code><\/a>\u00a0&#8211; Frogtastic<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/alllblhkgghelnejlggmmgjbkdabidie\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>alllblhkgghelnejlggmmgjbkdabidie<\/code><\/a>\u00a0&#8211; Black Beard Slot Machine<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/amkkjdjjgiiamenbopfpdmjcleecjjgg\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>amkkjdjjgiiamenbopfpdmjcleecjjgg<\/code><\/a>\u00a0&#8211; Indian &#8211; Slot Machine<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/amnaljnjmgajgajelnplfmidgjgbjfhe\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>amnaljnjmgajgajelnplfmidgjgbjfhe<\/code><\/a>\u00a0&#8211; Mahjong Deluxe<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/bbjdlbemjklojnbifkgameepcafflmem\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>bbjdlbemjklojnbifkgameepcafflmem<\/code><\/a>\u00a0&#8211; Crazy Freekick<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/bdnanfggeppmkfhkgmpojkhanoplkacc\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>bdnanfggeppmkfhkgmpojkhanoplkacc<\/code><\/a>\u00a0&#8211; Slot Car Racing<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/bgdkbjcdecedfoejdfgeafdodjgfohno\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>bgdkbjcdecedfoejdfgeafdodjgfohno<\/code><\/a>\u00a0&#8211; Clear Cache Plus<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/bnchgibgpgmlickioneccggfobljmhjc\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>bnchgibgpgmlickioneccggfobljmhjc<\/code><\/a>\u00a0&#8211; Galactica Delux &#8211; Slot Machine<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/bpljfbcejldmgeoodnogeefaihjdgbam\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>bpljfbcejldmgeoodnogeefaihjdgbam<\/code><\/a>\u00a0&#8211; Speed Test for Chrome &#8211; WiFi SpeedTest<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/cbnekafldflkmngbgmbnfmchjaelnhem\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>cbnekafldflkmngbgmbnfmchjaelnhem<\/code><\/a>\u00a0&#8211; Game SkySpeedster<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/cdpiopekjeonfjeocbfebemgocjciepp\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>cdpiopekjeonfjeocbfebemgocjciepp<\/code><\/a>\u00a0&#8211; Master Chess<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/cehdkmmfadpplgchnbjgdngdcjmhlfcc\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>cehdkmmfadpplgchnbjgdngdcjmhlfcc<\/code><\/a>\u00a0&#8211; Hockey Shootout<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/cljengcehefhflhoahaambmkknjekjib\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>cljengcehefhflhoahaambmkknjekjib<\/code><\/a>\u00a0&#8211; Odds Of The Gods &#8211; Slot Machine<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/clpgopiimdjcilllcjncdkoeikkkcfbi\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>clpgopiimdjcilllcjncdkoeikkkcfbi<\/code><\/a>\u00a0&#8211; Billiards Pro<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/cmeoegkmpbpcoabhlklbamfeidebgmdf\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>cmeoegkmpbpcoabhlklbamfeidebgmdf<\/code><\/a>\u00a0&#8211; Three Card Poker<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/cmlbghnlnbjkdgfjlegkbjmadpbmlgjb\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>cmlbghnlnbjkdgfjlegkbjmadpbmlgjb<\/code><\/a>\u00a0&#8211; Donuts &#8211; Slot Machine<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/cnibdhllkgidlgmaoanhkemjeklneolk\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>cnibdhllkgidlgmaoanhkemjeklneolk<\/code><\/a>\u00a0&#8211; Archer &#8211; Slot Machine<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/cpnfioldnmhaihohppoaebillnambcgn\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>cpnfioldnmhaihohppoaebillnambcgn<\/code><\/a>\u00a0&#8211; Rugby Rush<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/dbohcpohlgnhgjmfkakoniiplglpfhcb\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>dbohcpohlgnhgjmfkakoniiplglpfhcb<\/code><\/a>\u00a0&#8211; Bingo<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/dcamdpfclondppklabgkfaofjccpioil\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>dcamdpfclondppklabgkfaofjccpioil<\/code><\/a>\u00a0&#8211; Web Client for game Cricket Batter Challenge<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/dljlpildgknddpnahppkihgodokfjbnd\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>dljlpildgknddpnahppkihgodokfjbnd<\/code><\/a>\u00a0&#8211; Slot Machine Zeus Treasures<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/dlpiookhionidajbiopmaajeckifeehn\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>dlpiookhionidajbiopmaajeckifeehn<\/code><\/a>\u00a0&#8211; Horse Racing<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/dmaibhbbpmdihedidicfeigilkbobcog\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>dmaibhbbpmdihedidicfeigilkbobcog<\/code><\/a>\u00a0&#8211; Aztec &#8211; Slot Machine<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/dohenclhhdfljpjlnpjnephpccbdgmmb\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>dohenclhhdfljpjlnpjnephpccbdgmmb<\/code><\/a>\u00a0&#8211; Straight 4<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/dpdemambcedffmnkfmkephnhhnclmcio\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>dpdemambcedffmnkfmkephnhhnclmcio<\/code><\/a>\u00a0&#8211; Slot The Gold Pot<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/ejlcbfmhjbkgohopdkijfgggbikgbacb\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>ejlcbfmhjbkgohopdkijfgggbikgbacb<\/code><\/a>\u00a0&#8211; American Roulette Royale<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/eljfpgehlncincemdmmnebmnlcmfamhm\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>eljfpgehlncincemdmmnebmnlcmfamhm<\/code><\/a>\u00a0&#8211; Asia Slot<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/enmmilgindjmffoljaojkcgloakmloen\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>enmmilgindjmffoljaojkcgloakmloen<\/code><\/a>\u00a0&#8211; Web Client for game Drive Your Car<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/eoklnfefipnjfeknpmigmogeeepddcch\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>eoklnfefipnjfeknpmigmogeeepddcch<\/code><\/a>\u00a0&#8211; Jurassic Giants &#8211; Slot Machine<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/fddajeklkkggbnppabbhkdmnkdjindlo\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>fddajeklkkggbnppabbhkdmnkdjindlo<\/code><\/a>\u00a0&#8211; Street Basketball<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/fibgndhgobbaaekmnneapojgkcehaeac\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>fibgndhgobbaaekmnneapojgkcehaeac<\/code><\/a>\u00a0&#8211; Tarot Side Panel<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/fjfhejmbhpabkacpoddjbcfandjoacmb\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>fjfhejmbhpabkacpoddjbcfandjoacmb<\/code><\/a>\u00a0&#8211; Dragon Slayer &#8211; Slot Machine<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/flkdjodmoefccepdihipjdlianmkmhgc\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>flkdjodmoefccepdihipjdlianmkmhgc<\/code><\/a>\u00a0&#8211; Best Blackjack<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/fmajpchoiahphjiligpmghnhmabolhoh\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>fmajpchoiahphjiligpmghnhmabolhoh<\/code><\/a>\u00a0&#8211; Book Of Magic &#8211; Slot Machine<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/gaafhblhbnkekenogcjniofhbicchlke\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>gaafhblhbnkekenogcjniofhbicchlke<\/code><\/a>\u00a0&#8211; Snake &#8211; Slot Machine<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/gbaoddbbpompjhmilbgiaapkkakldlpc\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>gbaoddbbpompjhmilbgiaapkkakldlpc<\/code><\/a>\u00a0&#8211; Dice King &#8211; Classic Craps And Roll Game<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/gbhhgipmedccnankkjchgcidiigmioio\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>gbhhgipmedccnankkjchgcidiigmioio<\/code><\/a>\u00a0&#8211; Slot Ramses<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/gfhcdakcnpahfdealajmhcapnhhablbp\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>gfhcdakcnpahfdealajmhcapnhhablbp<\/code><\/a>\u00a0&#8211; Battleship War<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/gipmochingljoikdjakkdolfcbphmlom\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>gipmochingljoikdjakkdolfcbphmlom<\/code><\/a>\u00a0&#8211; Gold Miner 2<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/glofhphmolanicdaddgkmhfmjidjkaem\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>glofhphmolanicdaddgkmhfmjidjkaem<\/code><\/a>\u00a0&#8211; Greyhound Racing &#8211; Dog Race Simulator<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/haochenfmhglpholokliifmlpafilfdc\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>haochenfmhglpholokliifmlpafilfdc<\/code><\/a>\u00a0&#8211; Hercules: Sports Legend<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/hbobdcfpgonejphpemijgjddanoipbkj\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>hbobdcfpgonejphpemijgjddanoipbkj<\/code><\/a>\u00a0&#8211; Flicking Soccer<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/hdmppejcahhppjhkncagagopecddokpi\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>hdmppejcahhppjhkncagagopecddokpi<\/code><\/a>\u00a0&#8211; Voodoo Magic &#8211; Slot Machine<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/heljkmdknlfhiecpknceodpbokeipigo\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>heljkmdknlfhiecpknceodpbokeipigo<\/code><\/a>\u00a0&#8211; Web Client for Hockey Shootout &#8211; SideGame<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/hiofkndodabpioiheinoiojjobadpgmj\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>hiofkndodabpioiheinoiojjobadpgmj<\/code><\/a>\u00a0&#8211; MASTER CHECKERS<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/hkbihmjhjmehlocilifheeaeiljabenb\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>hkbihmjhjmehlocilifheeaeiljabenb<\/code><\/a>\u00a0&#8211; Watercraft Rush<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/hlmdnedepbbihmbddepemmbkenbnoegd\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>hlmdnedepbbihmbddepemmbkenbnoegd<\/code><\/a>\u00a0&#8211; Car Rush<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/hmlnefhgicedcmebmkjdcogieefbaagl\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>hmlnefhgicedcmebmkjdcogieefbaagl<\/code><\/a>\u00a0&#8211; Video Poker Deuces Wild<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/hnpbijogiiaegambgpaenjbcbgaeimlf\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>hnpbijogiiaegambgpaenjbcbgaeimlf<\/code><\/a>\u00a0&#8211; Slot Machine Ultimate Soccer<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/ibelidmkbnjmmpjgfibbdbkamgcbnjdm\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>ibelidmkbnjmmpjgfibbdbkamgcbnjdm<\/code><\/a>\u00a0&#8211; Christmas Eve &#8211; Slot Machine<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/ihbkmfoadnfjgkpdmgcboiehapkiflme\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>ihbkmfoadnfjgkpdmgcboiehapkiflme<\/code><\/a>\u00a0&#8211; Columbus Voyage &#8211; Slot Machine<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/ijccacgjefefdpglhclnbpfjlcbagafm\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>ijccacgjefefdpglhclnbpfjlcbagafm<\/code><\/a>\u00a0&#8211; High or Low Casino Game<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/ijfmkphjcogaealhjgijjfjlkpdhhojk\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>ijfmkphjcogaealhjgijjfjlkpdhhojk<\/code><\/a>\u00a0&#8211; Goalkeeper Challenge<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/ijpgccpmogehkjhdmomckpkfcpbjlmnj\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>ijpgccpmogehkjhdmomckpkfcpbjlmnj<\/code><\/a>\u00a0&#8211; Tropical Beach &#8211; Slot Machine<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/imjmnghlhiimodfkdkgnfplhlobehnpm\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>imjmnghlhiimodfkdkgnfplhlobehnpm<\/code><\/a>\u00a0&#8211; BlackJack 3D<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/jddinhnhplibccfmniaakhffpjpnaglp\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>jddinhnhplibccfmniaakhffpjpnaglp<\/code><\/a>\u00a0&#8211; Web Client for game Classic Bowling<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/jmopjanoebpdbopigcbpjhiigmjolikk\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>jmopjanoebpdbopigcbpjhiigmjolikk<\/code><\/a>\u00a0&#8211; Raging Zeus Mines<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/jnmmbmkmbkcccpihjgnhjmhhkokfdnfe\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>jnmmbmkmbkcccpihjgnhjmhhkokfdnfe<\/code><\/a>\u00a0&#8211; Classic Backgammon<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/jodocbbdcdclkhjkibnlfhbmllcpfkfo\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>jodocbbdcdclkhjkibnlfhbmllcpfkfo<\/code><\/a>\u00a0&#8211; Slot Machine The Fruits<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/kahcolfecjbejjjadhjafmihdnifonjf\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>kahcolfecjbejjjadhjafmihdnifonjf<\/code><\/a>\u00a0&#8211; Baccarat<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/kblomapfkjidbbbdllmofkcakcenkmec\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>kblomapfkjidbbbdllmofkcakcenkmec<\/code><\/a>\u00a0&#8211; Mini Golf World<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/kbmindomjiejdikjaagfdbdfpnlanobi\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>kbmindomjiejdikjaagfdbdfpnlanobi<\/code><\/a>\u00a0&#8211; Gold Rush &#8211; Slot Machine<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/kbnkkecifeppobnemkielnpagifkobki\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>kbnkkecifeppobnemkielnpagifkobki<\/code><\/a>\u00a0&#8211; Pirat Slot<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/kjnakdbpijigdbfepipnbafnhbcfdkga\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>kjnakdbpijigdbfepipnbafnhbcfdkga<\/code><\/a>\u00a0&#8211; 40 Imperial Crown &#8211; Slot Machine<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/kknakidneabpfgepadgpkibalcnabnnh\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>kknakidneabpfgepadgpkibalcnabnnh<\/code><\/a>\u00a0&#8211; 3D Soccer Slot Machine<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/klglejfbdeipgklgaepnodpjcnhaihkd\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>klglejfbdeipgklgaepnodpjcnhaihkd<\/code><\/a>\u00a0&#8211; Premium Horse Racing<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/kmiidcaojgeepjlccoalkdimgpfnbagj\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>kmiidcaojgeepjlccoalkdimgpfnbagj<\/code><\/a>\u00a0&#8211; Tanks Game<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/lcijkepobdokkgmefebkiejhealgblle\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>lcijkepobdokkgmefebkiejhealgblle<\/code><\/a>\u00a0&#8211; Caribbean Stud Poker<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/lefndgfmmbdklidbkeifpgclmpnhcilg\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>lefndgfmmbdklidbkeifpgclmpnhcilg<\/code><\/a>\u00a0&#8211; Wild Buffalo &#8211; Slot Machine<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/lfkknbmaifjomagejflmjklcmpadmmdg\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>lfkknbmaifjomagejflmjklcmpadmmdg<\/code><\/a>\u00a0&#8211; Aqua &#8211; Slot Machine<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/ljbgkfbiifhpgpipepnfefijldolkhlm\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>ljbgkfbiifhpgpipepnfefijldolkhlm<\/code><\/a>\u00a0&#8211; Game Crypto Merge<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/lmcpbhamfpbonaenickjclacodolkbdl\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>lmcpbhamfpbonaenickjclacodolkbdl<\/code><\/a>\u00a0&#8211; Sherwood Forest &#8211; Slot Machine<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/lmgenhmehbcolpikplhkoelmagdhoojn\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>lmgenhmehbcolpikplhkoelmagdhoojn<\/code><\/a>\u00a0&#8211; Web Client for game Fatboy Dream<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/maeccdadgnadblfddcmanhpofobhgfme\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>maeccdadgnadblfddcmanhpofobhgfme<\/code><\/a>\u00a0&#8211; Lone Star Jackpots &#8211; Slot Machine<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/medkneifmjcpgmmibfppjpfjbkgbgebl\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>medkneifmjcpgmmibfppjpfjbkgbgebl<\/code><\/a>\u00a0&#8211; Hidden Kitty Game<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/mheomooihiffmcgldolenemmplpgoahn\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>mheomooihiffmcgldolenemmplpgoahn<\/code><\/a>\u00a0&#8211; Keno<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/mmbbjakjlpmndjlbhihlddgcdppblpka\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>mmbbjakjlpmndjlbhihlddgcdppblpka<\/code><\/a>\u00a0&#8211; Jokers Bonanza &#8211; Slot Machine<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/mmbkmjmlnhocfcnjmbchmflamalekbnb\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>mmbkmjmlnhocfcnjmbchmflamalekbnb<\/code><\/a>\u00a0&#8211; Penalty Kicks<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/nbgligggjfgkpphhghhjdoiefbimgooc\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>nbgligggjfgkpphhghhjdoiefbimgooc<\/code><\/a>\u00a0&#8211; Pai Gow Poker<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/ncpdkpcgmdhhnmcjgiiifdhefmekdcnf\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>ncpdkpcgmdhhnmcjgiiifdhefmekdcnf<\/code><\/a>\u00a0&#8211; Metal Calculator<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/ndajcmifndknmkckdcdefkpgcodciggk\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>ndajcmifndknmkckdcdefkpgcodciggk<\/code><\/a>\u00a0&#8211; Farm &#8211; Slot Machine<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/nelbpdjegmhhgpfcjclhdmkcglimkjpp\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>nelbpdjegmhhgpfcjclhdmkcglimkjpp<\/code><\/a>\u00a0&#8211; Rail Maze Puzzle<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/nkacmelgoeejhjgmmgflbcdhonpaplcg\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>nkacmelgoeejhjgmmgflbcdhonpaplcg<\/code><\/a>\u00a0&#8211; RED DOG CARD GAME<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/nmegibgeklckejdlfhoadhhbgcdjnojb\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>nmegibgeklckejdlfhoadhhbgcdjnojb<\/code><\/a>\u00a0&#8211; Coin Miner 2<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/nodobilhjanebkafmpihkpoabiggnnfl\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>nodobilhjanebkafmpihkpoabiggnnfl<\/code><\/a>\u00a0&#8211; Black Ninja &#8211; Slot Machine<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/oanpifaoclmgmflmddlgkikfaggejobn\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>oanpifaoclmgmflmddlgkikfaggejobn<\/code><\/a>\u00a0&#8211; Pyramid Solitaire<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/ocflhkadmmnlbieoiiekfcdcmjcfeahe\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>ocflhkadmmnlbieoiiekfcdcmjcfeahe<\/code><\/a>\u00a0&#8211; Chrome Client for Downhill Ski &#8211; SideGame<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/odeccdcabdffpebnfancpkepjeecempn\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>odeccdcabdffpebnfancpkepjeecempn<\/code><\/a>\u00a0&#8211; Slot Machine Mr Chicken<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/oejhnncfanbaogjlbknmlgjpleachclf\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>oejhnncfanbaogjlbknmlgjpleachclf<\/code><\/a>\u00a0&#8211; Web Client for French Roulette &#8211; SideGame<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/ogbaedmbbmmipljceodeimlckohbnfan\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>ogbaedmbbmmipljceodeimlckohbnfan<\/code><\/a>\u00a0&#8211; 3D Roulette Casino Game<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/ojkbafekojdcedacileemekjdfdpkbkf\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>ojkbafekojdcedacileemekjdfdpkbkf<\/code><\/a>\u00a0&#8211; Slot Machine Space Adventure<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/pdgaknahllnfldmclpcllpieafkaibmf\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>pdgaknahllnfldmclpcllpieafkaibmf<\/code><\/a>\u00a0&#8211; Whack &#8217;em All<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/peflgkmfmoijonfgcjdlpnnfdegnlaji\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>peflgkmfmoijonfgcjdlpnnfdegnlaji<\/code><\/a>\u00a0&#8211; Video Poker Jacks or Better<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/phfkdailnomcbcknpdmokejhellbecjb\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>phfkdailnomcbcknpdmokejhellbecjb<\/code><\/a>\u00a0&#8211; Swimming Pro<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/pkghgkfjhjghinikeanecbgjehojfhdg\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>pkghgkfjhjghinikeanecbgjehojfhdg<\/code><\/a>\u00a0&#8211; InterAlt<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/chrome\/package\/pllkanemicadpcmkfodglahcocfdgkhj\/overview\" target=\"_blank\" rel=\"noopener ugc nofollow\"><code>pllkanemicadpcmkfodglahcocfdgkhj<\/code><\/a>\u00a0&#8211; Gold of Egypt &#8211; Slot Machine<\/span><\/li>\n<\/ol>\n<h2 id=\"reference\"><span style=\"font-family: arial, helvetica, sans-serif\">Reference<\/span><\/h2>\n<p><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/socket.dev\/blog\/108-chrome-ext-linked-to-data-exfil-session-theft-shared-c2\" target=\"_blank\" rel=\"noopener ugc nofollow\">https:\/\/socket.dev\/blog\/108-chrome-ext-linked-to-data-exfil-session-theft-shared-c2<\/a><\/span><br \/>\n<span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/arstechnica.com\/security\/2025\/04\/researcher-uncovers-dozens-of-sketchy-chrome-extensions-with-4-million-installs\/\" target=\"_blank\" rel=\"noopener ugc nofollow\">https:\/\/arstechnica.com\/security\/2025\/04\/researcher-uncovers-dozens-of-sketchy-chrome-extensions-with-4-million-installs\/<\/a><\/span><\/p>\n<p>&nbsp;<\/p>\n<table style=\"border-collapse: collapse;width: 100%\">\n<tbody>\n<tr>\n<td style=\"width: 100%\"><span style=\"font-family: arial, helvetica, sans-serif\"><b>Exclusive article by an expert from FPT Corporation<\/b><\/span><\/p>\n<p><span style=\"font-family: arial, helvetica, sans-serif\"><i>Luu Tuan Anh &#8211; FPT Information Security Center<\/i><\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"author":21,"featured_media":24250,"parent":0,"template":"","nang_luc":[821],"danh_muc_goc_nhin_so":[],"dich_vu":[],"linh_vuc":[],"platform":[],"san_pham":[],"the_goc_nhin_so":[],"class_list":["post-24240","goc_nhin_so","type-goc_nhin_so","status-publish","has-post-thumbnail","hentry","nang_luc-security"],"acf":[],"_links":{"self":[{"href":"https:\/\/fpt-is.com\/en\/wp-json\/wp\/v2\/goc_nhin_so\/24240","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/fpt-is.com\/en\/wp-json\/wp\/v2\/goc_nhin_so"}],"about":[{"href":"https:\/\/fpt-is.com\/en\/wp-json\/wp\/v2\/types\/goc_nhin_so"}],"author":[{"embeddable":true,"href":"https:\/\/fpt-is.com\/en\/wp-json\/wp\/v2\/users\/21"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/fpt-is.com\/en\/wp-json\/wp\/v2\/media\/24250"}],"wp:attachment":[{"href":"https:\/\/fpt-is.com\/en\/wp-json\/wp\/v2\/media?parent=24240"}],"wp:term":[{"taxonomy":"nang_luc","embeddable":true,"href":"https:\/\/fpt-is.com\/en\/wp-json\/wp\/v2\/nang_luc?post=24240"},{"taxonomy":"danh_muc_goc_nhin_so","embeddable":true,"href":"https:\/\/fpt-is.com\/en\/wp-json\/wp\/v2\/danh_muc_goc_nhin_so?post=24240"},{"taxonomy":"dich_vu","embeddable":true,"href":"https:\/\/fpt-is.com\/en\/wp-json\/wp\/v2\/dich_vu?post=24240"},{"taxonomy":"linh_vuc","embeddable":true,"href":"https:\/\/fpt-is.com\/en\/wp-json\/wp\/v2\/linh_vuc?post=24240"},{"taxonomy":"platform","embeddable":true,"href":"https:\/\/fpt-is.com\/en\/wp-json\/wp\/v2\/platform?post=24240"},{"taxonomy":"san_pham","embeddable":true,"href":"https:\/\/fpt-is.com\/en\/wp-json\/wp\/v2\/san_pham?post=24240"},{"taxonomy":"the_goc_nhin_so","embeddable":true,"href":"https:\/\/fpt-is.com\/en\/wp-json\/wp\/v2\/the_goc_nhin_so?post=24240"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}