April 16, 2026, 7:53 am | Read time: 2 minutes

Common Origin Behind Multiple Providers

The examined extensions appear under various names and categories. They are distributed by five different publishers. Nevertheless, Socket sees evidence that all offerings originate from the same source. The exact entity behind them is unknown. However, the report indicates that the source code contains hints of a Russian-speaking origin.

All extensions use the same infrastructure to transmit data. The main goal is to collect user data and utilize Google Chrome for advertising and executing malicious software. The extensions have been downloaded about 20,000 times in total. Although this number is relatively low, the spread can quickly increase. The security firm provides a complete list on its website. Known extensions include “Telegram Multi-Account,” “Web Client for Telegram – Teleside,” and “Formula Rush Racing Game.”

Also of interest: Security Flaw in Windows 11! Researcher Releases Controversial Code

While the game collects data from the Google account, the Telegram extensions access communication data and can take it over. Other add-ons pose as tools for YouTube or TikTok, offer translations, or appear as small games.

Specific Risks and Recommended Actions

The extensions are distributed under the names Yana Project, GameGen, SideGames, Rodeo Games, and InterAlt. Despite different names, they all reportedly lead to the same source. The programs can enable identity theft, read Telegram chats, or even influence them.

Additionally, 54 of the extensions contain a universal backdoor that allows for various abuses. Socket therefore recommends removing all affected extensions immediately. Users should also log out of all Telegram sessions, both in the browser and the app.