QuickLens Chrome Extension Supply Chain Compromise Delivers

Type	Value	Context	Confidence
DOMAIN	doodlebuggle.top	C2 domain associated with threat actor contact address (support@doodlebuggle.top) and likely C2 infrastructure for the compromised extension's polling loop. Treat connections to this domain and all subdomains as malicious.	medium
URL	https://chrome.google.com/webstore, QuickLens extension listing (removed)	Extension has been removed from the Chrome Web Store. The extension ID should be used to query endpoint management systems for installed instances. Specific extension ID not confirmed in available sources, obtain from vendor disclosures before querying.	low

Over 10 years we help companies reach their financial and branding goals. Engitech is a values-driven technology agency dedicated.

Gallery

Contacts

411 University St, Seattle, USA

engitech@oceanthemes.net

+1 -800-456-478-23

The QuickLens Chrome extension was purchased via a marketplace and weaponized within 17 days, exposing approximately 7,000 users to credential theft, cryptocurrency wallet draining, and session hijacking before Google removed it. At least 11 browser-based crypto wallets were targeted, with Trust Wallet disclosing approximately $7 million in user losses attributable to a related campaign, though the precise causal link to this specific extension requires independent verification. Stolen seed phrases, credentials, and session tokens remain compromised indefinitely post-removal, as cryptographic material does not expire; users must treat all such secrets as fully exposed and rotate them.