152 Chrome Live Wallpaper Extensions Hid Ad Tracking and Faked Google Search Traffic

Socket's research identifies a mass-produced family of Chrome new-tab "live wallpaper" extensions (≈152 listings across 38 publisher accounts, ~105,000 installs) that silently log telemetry, run an undisclosed IndexedDB enumerate-and-delete routine, and deliberately forge Google organic-search attribution (utm_source=google&utm_medium=organic and google.com/url uninstall wrappers with ved/usg tokens) to launder extension-driven traffic to ad-monetized brand pages; the report includes full IOCs (extension IDs, domains, emails, ad-network IDs), infrastructure mapping, and removal/hunting recommendations.