Google Chrome users have been warned to delete 16 “malicious” browser extensions that could lead to a security threat and “fraud” at the hands of a prolific “threat actor.”

The extensions affect functionality involving screen capture, ad blocking, emoji keyboards and more, with a potential impact on at least 3.2 million users, according to GitLab Threat Intelligence, which first reported the threat.

The extensions inject code and harmful scripts into browsers, allowing hackers to steal user data and engage in search-engine fraud involving ad revenue, according to Tom’s Guide.

After users granted permission to use them, the extensions, while legitimate, were infected with malicious updates that corrupted them.

According to tech site Notebook Check, the attack was traced to developer accounts that unknowingly transferred control of extensions to the attackers, whose dangerous updates were available through official browser extension stores.

The dangerous extensions include:

The targeted extensions already have been removed from the Chrome Web Store, but users should manually delete them if they are still installed on their browsers.

Tom’s Guide advises then using antivirus software to scan for malware or other viruses.