The two extensions were named Nano Adblocker and Nano Defender, and each had more than 50,000 and 200,000 installs, respectively, at the time they were taken down.
The two had been around for more than a year, but the malicious code was not included with the original versions.
The data collection code was added at the start of this month, in October 2020, after the original author sold the two extensions to "a team of Turkish developers."
After the sale, several users, including Raymond Hill, the author of the uBlock Origin ad blocker, came forward to point out that the two extensions were modified to include malicious code.
"The extension is now designed to lookup[sic] specific information from your outgoing network requests according to an externally configurable heuristics and send it to https://def.dev-nano.com," Hill said.
In addition, the two Turkish developers also never modified the two extensions' author fields, leaving the original author's name in place, in what appeared to be an attempt to hide the sale and the culprit behind the malicious code.
However, this only made things easier for Google's staff, as any type of extensive data collection is forbidden, per Chrome Web Store rules.
The two extensions were taken down over the weekend and disabled in users' Chrome browsers.