chore: update feeds 2026-04-20

Author: github-actions[bot]

browser_extensions_list.csv

@@ -110,10 +110,8 @@ Swimming Pro,*phfkdailnomcbcknpdmokejhellbecjb*,phfkdailnomcbcknpdmokejhellbecjb
 InterAlt,*pkghgkfjhjghinikeanecbgjehojfhdg*,pkghgkfjhjghinikeanecbgjehojfhdg,malware,malicious,https://socket.dev/blog/108-chrome-ext-linked-to-data-exfil-session-theft-shared-c2,,
 Gold of Egypt - Slot Machine,*pllkanemicadpcmkfodglahcocfdgkhj*,pllkanemicadpcmkfodglahcocfdgkhj,malware,malicious,https://socket.dev/blog/108-chrome-ext-linked-to-data-exfil-session-theft-shared-c2,,
 Pro search,*jnannpdmmiphnkpaooplhegabbghlplj*,jnannpdmmiphnkpaooplhegabbghlplj,malware,malicious,,shows fake antivirus alerts constantly and capture browsing activities, 
-ChatGPT Ad Blocker,*ipmmidjikiklckbngllogmggoofbhjikgb*,ipmmidjikiklckbngllogmggoofbhjikgb,malware,malicious,https://github.com/mthcht/ThreatIntel-Reports/blob/b65e17489a8485bf5893c481de58e363c2ce35f6/Intel%20Reports/thehackernews_com/2026_04_weekly-recap-axios-hack-chrome-0-day_html/content.txt#L788,steal the ChatGPT conversations data,
 Color Picker - Eyedropper,*gogbiohkminacikoppmljeolgccpmlop*,gogbiohkminacikoppmljeolgccpmlop,PUP,privacy,https://x.com/tuckner/status/2039777577452155131,spying on you,
 JSON Formatter,*bcjindcccaagfpapjjmafapmmgkkhgoa*,bcjindcccaagfpapjjmafapmmgkkhgoa,PUP,privacy,https://chromewebstore.google.com/detail/json-formatter/bcjindcccaagfpapjjmafapmmgkkhgoa/reviews,https://x.com/wesbos/status/2039355472830939319?s=20,
-,*nplfchpahihleeejpjmodggckakhglee*,plfchpahihleeejpjmodggckakhglee,malware,malicious,https://x.com/i/status/1907925793336078675,bank credential stealer,
 ,*ckkjdiimhlanonhceggkfjlmjnenpmfm*,ckkjdiimhlanonhceggkfjlmjnenpmfm,malware,malicious,https://x.com/i/status/1907925793336078675,bank credential stealer,
 Chrome MCP Server - AI Browser Control,*fpeabamapgecnidibdmjoepaiehokgda*,fpeabamapgecnidibdmjoepaiehokgda,malware,malicious,https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/dbdcea6a9f5684a9268c39e60c667c5c9c06263b/2026-02-11-IOCs-for-RAT-disguinsed-as-AI-based-browser-extension.txt,RAT AI browser extension,0cbf101e96f6d5c4146812f07105f8b89bd76dd994f540470cd1c4bc37df37d5
 OmniBar AI Chat and Search,*ajfanjhcdgaohcbphpaceglgpgaaohod*,ajfanjhcdgaohcbphpaceglgpgaaohod,malware,malicious,https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2026-03-09-Threat-Alert-30K-domains-distributing-malicious-AI-related-browser-extension.txt,Malicious AI browser extension,21dd863ff9bbd15da01c1218bf92bd65eeae04a41876e10c41733b58035414c4
@@ -1789,7 +1787,6 @@ FakeGPT,*hacfaophiklaeolhnmckojjjjbnappen*,hacfaophiklaeolhnmckojjjjbnappen,malw
 ,*olkcbimhgpenhcboejacjpmohcincfdb*,olkcbimhgpenhcboejacjpmohcincfdb,malware,malicious,https://blog.avast.com/malicious-extensions-chrome-web-store,,
 ,*ooaehdahoiljphlijlaplnbeaeeimhbb*,ooaehdahoiljphlijlaplnbeaeeimhbb,malware,malicious,https://blog.avast.com/malicious-extensions-chrome-web-store,,
 ,*pidecdgcabcolloikegacdjejomeodji*,pidecdgcabcolloikegacdjejomeodji,malware,malicious,https://blog.avast.com/malicious-extensions-chrome-web-store,,
-,*nmmhkkegccagdldgiimedpiccmgmiedagg4*,nmmhkkegccagdldgiimedpiccmgmiedagg4,malware,malicious,https://www.malwarebytes.com/blog/threat-intelligence/2023/07/criminals-target-businesses-with-malicious-extension-for-metas-ads-manager-and-accidentally-leak-stolen-accounts,,
 ,*dlddmedljhmbgdhapibnagaanenmajcm*,dlddmedljhmbgdhapibnagaanenmajcm,malware,malicious,https://www.welivesecurity.com/2013/07/30/versatile-and-infectious-win64expiro-is-a-cross-platform-file-infector/,,
 Micro Search Chrome Extension,*bbgbmlkfflffccognkcbbmkakbejnado*,bbgbmlkfflffccognkcbbmkakbejnado,malware,malicious,https://keepaware.com/blog/trojan-extension-malware-3-year-campaign-300k-infections,,
 Qcom search bar,*bcmmbhidjmodkbeidljmhcijhkchokcj*,bcmmbhidjmodkbeidljmhcijhkchokcj,malware,malicious,https://keepaware.com/blog/trojan-extension-malware-3-year-campaign-300k-infections,,

feeds/elastic_detection_rule.ndjson

@@ -1,12 +1,12 @@
 {
   "feed_name": "ExtSentry - Browser Extension Threat Intelligence",
   "feed_version": "1.0",
-  "generated": "2026-04-20T09:27:54Z",
+  "generated": "2026-04-20T10:36:16Z",
   "source": "https://github.com/mthcht/awesome-lists",
   "license": "TLP:CLEAR",
-  "total_indicators": 1882,
+  "total_indicators": 1879,
   "categories": {
-    "malware": 1672,
+    "malware": 1669,
     "PUP": 5,
     "compromised": 92,
     "cryptocurrency": 90,
@@ -1239,17 +1239,6 @@
       "crx_sha256": null,
       "chrome_webstore_url": "https://chromewebstore.google.com/detail/jnannpdmmiphnkpaooplhegabbghlplj"
     },
-    {
-      "extension_id": "ipmmidjikiklckbngllogmggoofbhjikgb",
-      "extension_name": "ChatGPT Ad Blocker",
-      "wildcard_pattern": "*ipmmidjikiklckbngllogmggoofbhjikgb*",
-      "category": "malware",
-      "threat_type": "malicious",
-      "reference_url": "https://github.com/mthcht/ThreatIntel-Reports/blob/b65e17489a8485bf5893c481de58e363c2ce35f6/Intel%20Reports/thehackernews_com/2026_04_weekly-recap-axios-hack-chrome-0-day_html/content.txt#L788",
-      "description": "steal the ChatGPT conversations data",
-      "crx_sha256": null,
-      "chrome_webstore_url": "https://chromewebstore.google.com/detail/ipmmidjikiklckbngllogmggoofbhjikgb"
-    },
     {
       "extension_id": "gogbiohkminacikoppmljeolgccpmlop",
       "extension_name": "Color Picker - Eyedropper",
@@ -1272,17 +1261,6 @@
       "crx_sha256": null,
       "chrome_webstore_url": "https://chromewebstore.google.com/detail/bcjindcccaagfpapjjmafapmmgkkhgoa"
     },
-    {
-      "extension_id": "plfchpahihleeejpjmodggckakhglee",
-      "extension_name": null,
-      "wildcard_pattern": "*nplfchpahihleeejpjmodggckakhglee*",
-      "category": "malware",
-      "threat_type": "malicious",
-      "reference_url": "https://x.com/i/status/1907925793336078675",
-      "description": "bank credential stealer",
-      "crx_sha256": null,
-      "chrome_webstore_url": "https://chromewebstore.google.com/detail/plfchpahihleeejpjmodggckakhglee"
-    },
     {
       "extension_id": "ckkjdiimhlanonhceggkfjlmjnenpmfm",
       "extension_name": null,
@@ -19708,17 +19686,6 @@
       "crx_sha256": null,
       "chrome_webstore_url": "https://chromewebstore.google.com/detail/pidecdgcabcolloikegacdjejomeodji"
     },
-    {
-      "extension_id": "nmmhkkegccagdldgiimedpiccmgmiedagg4",
-      "extension_name": null,
-      "wildcard_pattern": "*nmmhkkegccagdldgiimedpiccmgmiedagg4*",
-      "category": "malware",
-      "threat_type": "malicious",
-      "reference_url": "https://www.malwarebytes.com/blog/threat-intelligence/2023/07/criminals-target-businesses-with-malicious-extension-for-metas-ads-manager-and-accidentally-leak-stolen-accounts",
-      "description": "",
-      "crx_sha256": null,
-      "chrome_webstore_url": "https://chromewebstore.google.com/detail/nmmhkkegccagdldgiimedpiccmgmiedagg4"
-    },
     {
       "extension_id": "dlddmedljhmbgdhapibnagaanenmajcm",
       "extension_name": null,

feeds/elastic_threat_intel.ndjson

@@ -110,10 +110,8 @@ phfkdailnomcbcknpdmokejhellbecjb,Swimming Pro,*phfkdailnomcbcknpdmokejhellbecjb*
 pkghgkfjhjghinikeanecbgjehojfhdg,InterAlt,*pkghgkfjhjghinikeanecbgjehojfhdg*,malware,malicious,https://socket.dev/blog/108-chrome-ext-linked-to-data-exfil-session-theft-shared-c2,,https://chromewebstore.google.com/detail/pkghgkfjhjghinikeanecbgjehojfhdg,critical,,2026-04-20,ExtSentry (github.com/mthcht/awesome-lists)
 pllkanemicadpcmkfodglahcocfdgkhj,Gold of Egypt - Slot Machine,*pllkanemicadpcmkfodglahcocfdgkhj*,malware,malicious,https://socket.dev/blog/108-chrome-ext-linked-to-data-exfil-session-theft-shared-c2,,https://chromewebstore.google.com/detail/pllkanemicadpcmkfodglahcocfdgkhj,critical,,2026-04-20,ExtSentry (github.com/mthcht/awesome-lists)
 jnannpdmmiphnkpaooplhegabbghlplj,Pro search,*jnannpdmmiphnkpaooplhegabbghlplj*,malware,malicious,,shows fake antivirus alerts constantly and capture browsing activities,https://chromewebstore.google.com/detail/jnannpdmmiphnkpaooplhegabbghlplj,critical,,2026-04-20,ExtSentry (github.com/mthcht/awesome-lists)
-ipmmidjikiklckbngllogmggoofbhjikgb,ChatGPT Ad Blocker,*ipmmidjikiklckbngllogmggoofbhjikgb*,malware,malicious,https://github.com/mthcht/ThreatIntel-Reports/blob/b65e17489a8485bf5893c481de58e363c2ce35f6/Intel%20Reports/thehackernews_com/2026_04_weekly-recap-axios-hack-chrome-0-day_html/content.txt#L788,steal the ChatGPT conversations data,https://chromewebstore.google.com/detail/ipmmidjikiklckbngllogmggoofbhjikgb,critical,,2026-04-20,ExtSentry (github.com/mthcht/awesome-lists)
 gogbiohkminacikoppmljeolgccpmlop,Color Picker - Eyedropper,*gogbiohkminacikoppmljeolgccpmlop*,PUP,privacy,https://x.com/tuckner/status/2039777577452155131,spying on you,https://chromewebstore.google.com/detail/gogbiohkminacikoppmljeolgccpmlop,low,,2026-04-20,ExtSentry (github.com/mthcht/awesome-lists)
 bcjindcccaagfpapjjmafapmmgkkhgoa,JSON Formatter,*bcjindcccaagfpapjjmafapmmgkkhgoa*,PUP,privacy,https://chromewebstore.google.com/detail/json-formatter/bcjindcccaagfpapjjmafapmmgkkhgoa/reviews,https://x.com/wesbos/status/2039355472830939319?s=20,https://chromewebstore.google.com/detail/bcjindcccaagfpapjjmafapmmgkkhgoa,low,,2026-04-20,ExtSentry (github.com/mthcht/awesome-lists)
-plfchpahihleeejpjmodggckakhglee,bank credential stealer,*nplfchpahihleeejpjmodggckakhglee*,malware,malicious,https://x.com/i/status/1907925793336078675,bank credential stealer,https://chromewebstore.google.com/detail/plfchpahihleeejpjmodggckakhglee,critical,,2026-04-20,ExtSentry (github.com/mthcht/awesome-lists)
 ckkjdiimhlanonhceggkfjlmjnenpmfm,bank credential stealer,*ckkjdiimhlanonhceggkfjlmjnenpmfm*,malware,malicious,https://x.com/i/status/1907925793336078675,bank credential stealer,https://chromewebstore.google.com/detail/ckkjdiimhlanonhceggkfjlmjnenpmfm,critical,,2026-04-20,ExtSentry (github.com/mthcht/awesome-lists)
 fpeabamapgecnidibdmjoepaiehokgda,Chrome MCP Server - AI Browser Control,*fpeabamapgecnidibdmjoepaiehokgda*,malware,malicious,https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/dbdcea6a9f5684a9268c39e60c667c5c9c06263b/2026-02-11-IOCs-for-RAT-disguinsed-as-AI-based-browser-extension.txt,RAT AI browser extension,https://chromewebstore.google.com/detail/fpeabamapgecnidibdmjoepaiehokgda,critical,0cbf101e96f6d5c4146812f07105f8b89bd76dd994f540470cd1c4bc37df37d5,2026-04-20,ExtSentry (github.com/mthcht/awesome-lists)
 ajfanjhcdgaohcbphpaceglgpgaaohod,OmniBar AI Chat and Search,*ajfanjhcdgaohcbphpaceglgpgaaohod*,malware,malicious,https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2026-03-09-Threat-Alert-30K-domains-distributing-malicious-AI-related-browser-extension.txt,Malicious AI browser extension,https://chromewebstore.google.com/detail/ajfanjhcdgaohcbphpaceglgpgaaohod,critical,21dd863ff9bbd15da01c1218bf92bd65eeae04a41876e10c41733b58035414c4,2026-04-20,ExtSentry (github.com/mthcht/awesome-lists)
@@ -1789,7 +1787,6 @@ oejfpkocfgochpkljdlmcnibecancpnl,,*oejfpkocfgochpkljdlmcnibecancpnl*,malware,mal
 olkcbimhgpenhcboejacjpmohcincfdb,,*olkcbimhgpenhcboejacjpmohcincfdb*,malware,malicious,https://blog.avast.com/malicious-extensions-chrome-web-store,,https://chromewebstore.google.com/detail/olkcbimhgpenhcboejacjpmohcincfdb,critical,,2026-04-20,ExtSentry (github.com/mthcht/awesome-lists)
 ooaehdahoiljphlijlaplnbeaeeimhbb,,*ooaehdahoiljphlijlaplnbeaeeimhbb*,malware,malicious,https://blog.avast.com/malicious-extensions-chrome-web-store,,https://chromewebstore.google.com/detail/ooaehdahoiljphlijlaplnbeaeeimhbb,critical,,2026-04-20,ExtSentry (github.com/mthcht/awesome-lists)
 pidecdgcabcolloikegacdjejomeodji,,*pidecdgcabcolloikegacdjejomeodji*,malware,malicious,https://blog.avast.com/malicious-extensions-chrome-web-store,,https://chromewebstore.google.com/detail/pidecdgcabcolloikegacdjejomeodji,critical,,2026-04-20,ExtSentry (github.com/mthcht/awesome-lists)
-nmmhkkegccagdldgiimedpiccmgmiedagg4,,*nmmhkkegccagdldgiimedpiccmgmiedagg4*,malware,malicious,https://www.malwarebytes.com/blog/threat-intelligence/2023/07/criminals-target-businesses-with-malicious-extension-for-metas-ads-manager-and-accidentally-leak-stolen-accounts,,https://chromewebstore.google.com/detail/nmmhkkegccagdldgiimedpiccmgmiedagg4,critical,,2026-04-20,ExtSentry (github.com/mthcht/awesome-lists)
 dlddmedljhmbgdhapibnagaanenmajcm,,*dlddmedljhmbgdhapibnagaanenmajcm*,malware,malicious,https://www.welivesecurity.com/2013/07/30/versatile-and-infectious-win64expiro-is-a-cross-platform-file-infector/,,https://chromewebstore.google.com/detail/dlddmedljhmbgdhapibnagaanenmajcm,critical,,2026-04-20,ExtSentry (github.com/mthcht/awesome-lists)
 bbgbmlkfflffccognkcbbmkakbejnado,Micro Search Chrome Extension,*bbgbmlkfflffccognkcbbmkakbejnado*,malware,malicious,https://keepaware.com/blog/trojan-extension-malware-3-year-campaign-300k-infections,,https://chromewebstore.google.com/detail/bbgbmlkfflffccognkcbbmkakbejnado,critical,,2026-04-20,ExtSentry (github.com/mthcht/awesome-lists)
 bcmmbhidjmodkbeidljmhcijhkchokcj,Qcom search bar,*bcmmbhidjmodkbeidljmhcijhkchokcj*,malware,malicious,https://keepaware.com/blog/trojan-extension-malware-3-year-campaign-300k-infections,,https://chromewebstore.google.com/detail/bcmmbhidjmodkbeidljmhcijhkchokcj,critical,,2026-04-20,ExtSentry (github.com/mthcht/awesome-lists)

feeds/extsentry_feed.json

@@ -109,10 +109,8 @@ phfkdailnomcbcknpdmokejhellbecjb
 pkghgkfjhjghinikeanecbgjehojfhdg
 pllkanemicadpcmkfodglahcocfdgkhj
 jnannpdmmiphnkpaooplhegabbghlplj
-ipmmidjikiklckbngllogmggoofbhjikgb
 gogbiohkminacikoppmljeolgccpmlop
 bcjindcccaagfpapjjmafapmmgkkhgoa
-plfchpahihleeejpjmodggckakhglee
 ckkjdiimhlanonhceggkfjlmjnenpmfm
 fpeabamapgecnidibdmjoepaiehokgda
 ajfanjhcdgaohcbphpaceglgpgaaohod
@@ -1788,7 +1786,6 @@ oejfpkocfgochpkljdlmcnibecancpnl
 olkcbimhgpenhcboejacjpmohcincfdb
 ooaehdahoiljphlijlaplnbeaeeimhbb
 pidecdgcabcolloikegacdjejomeodji
-nmmhkkegccagdldgiimedpiccmgmiedagg4
 dlddmedljhmbgdhapibnagaanenmajcm
 bbgbmlkfflffccognkcbbmkakbejnado
 bcmmbhidjmodkbeidljmhcijhkchokcj

feeds/extsentry_ioc_feed.csv

@@ -109,10 +109,8 @@ phfkdailnomcbcknpdmokejhellbecjb
 pkghgkfjhjghinikeanecbgjehojfhdg
 pllkanemicadpcmkfodglahcocfdgkhj
 jnannpdmmiphnkpaooplhegabbghlplj
-ipmmidjikiklckbngllogmggoofbhjikgb
 gogbiohkminacikoppmljeolgccpmlop
 bcjindcccaagfpapjjmafapmmgkkhgoa
-plfchpahihleeejpjmodggckakhglee
 ckkjdiimhlanonhceggkfjlmjnenpmfm
 fpeabamapgecnidibdmjoepaiehokgda
 ajfanjhcdgaohcbphpaceglgpgaaohod
@@ -1689,7 +1687,6 @@ oejfpkocfgochpkljdlmcnibecancpnl
 olkcbimhgpenhcboejacjpmohcincfdb
 ooaehdahoiljphlijlaplnbeaeeimhbb
 pidecdgcabcolloikegacdjejomeodji
-nmmhkkegccagdldgiimedpiccmgmiedagg4
 dlddmedljhmbgdhapibnagaanenmajcm
 bbgbmlkfflffccognkcbbmkakbejnado
 bcmmbhidjmodkbeidljmhcijhkchokcj