OceanVertical

Zoom Stealer Strikes 2.2 Million Browsers

  • cypac1
  • Dec 30, 2025

It seemed harmless at first. A simple browser extension that let you download videos or record audio. But then it quietly requested access to Zoom, Microsoft Teams, Google Meet, and WebEx and began streaming your company’s private meetings to a threat actor.

This is not fiction. It is happening now and affecting millions.


Researchers have discovered a large-scale operation involving malicious browser extensions known as “Zoom Stealer,” which have been installed by around 2.2 million users on popular browsers including Chrome, Firefox, and Microsoft Edge. Though they seem legitimate, these extensions covertly harvest sensitive information from online meetings.


Why It Matters

This isn’t just about privacy. It’s about industrial espionage. With access to your meeting URLs, names, times, and company info, threat actors could:

  • Eavesdrop on strategic conversations

  • Sell your meeting links or participant info

  • Craft highly convincing social engineering attacks

  • Impersonate company insiders with chilling accuracy

Your web browser might be handing attackers the context, not just the credentials.


Meanwhile, forums and cybersecurity communities are sharing detection scripts, removal instructions, and tips to validate extensions. There is also increased pressure on browser vendors to strengthen their extension vetting and sandboxing policies.


Takeaway

Your cybersecurity strategy can’t end at antivirus and firewalls. It needs to extend into your team’s everyday behavior, including which browser extensions they use. Just because something is in the Chrome Web Store doesn’t mean it is safe.

Auditing extensions isn’t just a hygiene task. It is a frontline defense against invisible threats like Zoom Stealer.
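One way to start that audit, as an added example (not code from this post or from the researchers): the Python below reads extension manifests from a Chromium-style profile directory and lists every extension whose permissions reach the four meeting platforms named above. The hostnames, the sample manifest and the function names are assumptions made for illustration.

```python
import json
from pathlib import Path

# Assumed hostnames for the four platforms the article names.
MEETING_DOMAINS = ("zoom.us", "teams.microsoft.com", "meet.google.com", "webex.com")
# Constructed sample manifest, not taken from any real extension.
SAMPLE_MANIFEST = {
    "name": "Video Downloader (constructed sample)",
    "permissions": ["tabs", "storage"],
    "host_permissions": ["https://*.zoom.us/*", "*://meet.google.com/*"],
    "content_scripts": [{"matches": ["https://teams.microsoft.com/*"]}],
}

def pattern_host(pattern):
    """Host part of a match pattern; None for API permissions such as 'tabs'."""
    if pattern == "<all_urls>":
        return "*"
    _, sep, rest = pattern.partition("://")
    return rest.split("/")[0].split(":")[0].lower() if sep else None

def covers(host, domain):
    """True if a pattern host reaches `domain` or one of its subdomains."""
    base = host[2:] if host.startswith("*.") else host
    wildcard_above = host.startswith("*.") and domain.endswith("." + base)
    return host == "*" or base == domain or base.endswith("." + domain) or wildcard_above

def meeting_access(manifest):
    """Map each reachable meeting domain to the manifest patterns that grant it."""
    patterns = [p for k, v in manifest.items() if k.endswith("permissions") for p in v]
    for script in manifest.get("content_scripts", []):
        patterns += script.get("matches", [])
    hits = {}
    for p in patterns:
        host = pattern_host(p) if isinstance(p, str) else None
        for d in MEETING_DOMAINS:
            if host is not None and covers(host, d):
                hits.setdefault(d, []).append(p)
    return hits

def audit(extensions_dir):
    """Scan <extensions_dir>/<id>/<version>/manifest.json (Chromium profile layout)."""
    report = {}
    for path in Path(extensions_dir).glob("*/*/manifest.json"):
        try:
            hits = meeting_access(json.loads(path.read_text(encoding="utf-8-sig")))
        except (OSError, ValueError, AttributeError, TypeError):
            continue  # unreadable or malformed manifest
        if hits:
            report[path.parent.parent.name] = hits
    return report
```

A hit is a prompt for review rather than a verdict: the thing to look for is a mismatch, such as a video downloader or audio recorder that can reach meeting sites. Broad grants like `<all_urls>` are reported for all four platforms.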


Stay safe out there

-Mars

New Funnies!


Why did the IT team join a band?

They had a great backup.


Why did marketing blame the breach on Mercury retrograde?

Because it sounded more plausible than admitting they clicked a PDF labeled “2025 Brand Strategy FINAL.pdf.”


Why did the IT guy bring a ladder to work?

To reach the cloud.


Why do browsers have an incognito mode?

So users can feel safe while still doing unsafe things.

 
 
 
