Dan Goodin, reporting for Ars Technica:
Crooks have found a new venue to push malware: the official Google Chrome Web Store. It was recently used to hawk Chrome browser extensions secretly hijacking users' Facebook profiles.[ ... ]
The company distributing this malicious extension was unnamed in the report as was the specific app. Assolini said Google personnel removed the malicious extension shortly after Kaspersky reported it to them. "But we noted the bad guys behind this malicious scheme are uploading new extensions regularly, in a cat and mouse game," he warned. He didn't elaborate on the number of extensions or how long he's been observing them other than to say the malicious app Kaspersky discovered had 932 users.