Security researchers have identified multiple abusive Chrome extensions, including an add-on that targets organizations using **Meta Business Suite** and **Facebook Business Manager**.

### What happened

- The extension “CL Suite by @CLMasters” is marketed as a utility for scraping Meta Business data and handling verification pop-ups.

- Analysis shows it can **exfiltrate Business Manager data** and, critically, **TOTP seeds and active one-time codes**—materials that can be used to bypass 2FA in follow-on attacks.

### Why it matters

Browser extensions sit in a privileged position: broad permissions plus user trust. Even a small install base can be valuable if the targets are businesses with ad accounts, pages, payment methods, and high-value contact lists.

### What to do (practical guidance)

- In enterprises: inventory and audit installed extensions; limit installs to an allowlist.

- For individuals: review permissions, remove unnecessary extensions, and use separate browser profiles for sensitive work (ads, billing, admin consoles).

- Treat extensions that handle “2FA,” “AI assistants,” or automation as high-risk; prefer vendor-supported tools.

**Source:** The Hacker News summary referencing Socket and other research (linked below).