Security researchers from the Socket Threat Research Team have uncovered a sophisticated network of eight malicious Firefox browser extensions that actively steal OAuth tokens and passwords and spy on users through deceptive tactics.
These malicious extensions exploit user trust by impersonating beloved games with millions of players worldwide.
Beyond simple redirect scams, researchers identified several extensions employing sophisticated attack techniques.
CalSyncMaster, masquerading as a legitimate Google Calendar synchronization tool, represents the most serious threat in the analysis.
This extension implements advanced OAuth credential theft operations, stealing Google Authentication tokens that provide ongoing access to sensitive personal and business data.
The VPN Grab A Proxy Free extension, marketed as a privacy-focused VPN service, secretly tracks users by injecting invisible tracking iframes and routing all web traffic through attacker-controlled proxies.
This configuration enables comprehensive surveillance of user activities, including the potential interception of login credentials, personal information, and private communications.
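For defenders reviewing installed or submitted extensions, the following added example (not code from Socket's report or from the extensions themselves) audits a WebExtension `manifest.json` for the capabilities that the behaviours described above would require. The report excerpt does not list the extensions' actual permissions, so the mapping to `proxy`, `identity` and all-site match patterns is an assumption, and the sample manifests are constructed.

```python
# Match patterns that grant access to every site (WebExtension match-pattern syntax).
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def audit_manifest(manifest: dict) -> dict:
    """Return {capability: reason} for permissions worth a manual review."""
    perms = set()
    # MV2 mixes host patterns into "permissions"; MV3 uses "host_permissions".
    for key in ("permissions", "host_permissions", "optional_permissions"):
        perms.update(p for p in manifest.get(key, []) if isinstance(p, str))
    findings = {}
    if "proxy" in perms:
        findings["proxy"] = "can choose the proxy used for the browser's web requests"
    if perms & BROAD_HOSTS:
        findings["all_sites"] = "has host access to every site"
    for script in manifest.get("content_scripts", []):
        if set(script.get("matches", [])) & BROAD_HOSTS:
            findings["inject_everywhere"] = (
                "content script runs on every page and can add elements such as iframes")
    if "identity" in perms:
        findings["identity"] = "can run OAuth flows and read the redirect that carries the result"
    return findings

def risk(findings: dict) -> str:
    """Proxy control combined with all-site reach is the pairing described for the VPN extension."""
    if "proxy" in findings and ({"all_sites", "inject_everywhere"} & findings.keys()):
        return "high"
    return "review" if findings else "low"

# Constructed sample manifests (not taken from any real extension).
SAMPLE_VPN = {
    "name": "example-free-proxy", "manifest_version": 2,
    "permissions": ["proxy", "storage", "<all_urls>"],
    "content_scripts": [{"matches": ["<all_urls>"], "js": ["inject.js"]}],
}
SAMPLE_CALENDAR = {
    "name": "example-calendar-sync", "manifest_version": 2,
    "permissions": ["identity", "https://www.googleapis.com/*"],
}
SAMPLE_GAME = {
    "name": "example-game", "manifest_version": 2,
    "permissions": ["storage"],
}

if __name__ == "__main__":
    for sample in (SAMPLE_VPN, SAMPLE_CALENDAR, SAMPLE_GAME):
        found = audit_manifest(sample)
        print(sample["name"], risk(found), sorted(found))
```

A `review` result is not a verdict: a genuine calendar tool also needs `identity`, so the flag only marks where to read the extension's code and network destinations.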