Malware News Malicious browser extensions impacting at least 3.2 million users

nicolaasjan

nicolaasjan

Level 5
Thread author
Verified
Well-known
May 29, 2023
222
Content source
https://gitlab-com.gitlab.io/gl-security/security-tech-notes/threat-intelligence-tech-notes/malicious-browser-extensions-feb-2025/

Key Points​

  • We identified a cluster of at least 16 malicious Chrome extensions used to inject code into browsers to facilitate advertising and search engine optimization fraud. The extensions span diverse functionality including screen capture, ad blocking and emoji keyboards and impact at least 3.2 million users.
  • We assess that the threat actor acquired access to at least some of the extensions from their original developers, rather than through a compromise. The threat actor has been trojanizing extensions since at least July 2024.
  • The threat actor uses a complex multistage attack to degrade the security of users’ browsers and then inject content, traversing browser security boundaries and hiding malicious code outside of extensions. We have only been able to partly reproduce the threat actor’s attack chain.
  • The threat actor may also be associated with phishing kit development or distribution. The malicious extensions present a risk of sensitive information leakage or initial access.
Click to expand...
 
  • Like
  • +Reputation
  • Hundred Points
Reactions: Brownie2019, Gandalf_The_Grey, Khushal and 2 others
Jonny Quest

Jonny Quest

Level 23
Verified
Top Poster
Well-known
Mar 2, 2023
1,247
And just for quick reference here is the list of the 16 from the article, which has more information included.

Blipshot: one click full page screenshots
Emojis - Emoji Keyboard
WAToolkit
Color Changer for YouTube
Video Effects for YouTube And Audio Enhancer
Themes for Chrome and YouTube™ Picture in Picture
Mike Adblock für Chrome | Chrome-Werbeblocker
Page Refresh
Wistia Video Downloader
Super dark mode
Emoji keyboard emojis for chrome
Adblocker for Chrome - NoAds
Adblock for You
Adblock for Chrome
Nimble capture
KProxy
Click to expand...
 
  • Like
  • +Reputation
Reactions: Digmor Crusher, Brownie2019, Gandalf_The_Grey and 2 others

Similar threads

Gandalf_The_Grey
    • Like
    • Wow
    • +Reputation
Security News Cybersecurity firm's Chrome extension hijacked to steal users' data
Replies
12
Views
1,270
Security News
HarborFront
H
enaph
    • Like
Security News Opera Browser Vulnerable to Cross-Browser Attacks via Malicious Extensions
Replies
0
Views
859
Security News
enaph
enaph
Gandalf_The_Grey
    • Like
Malware News macOS NotLockBit | Evolving Ransomware Samples Suggest a Threat Actor Sharpening Its Tools
Replies
0
Views
1,178
Security News
Gandalf_The_Grey
Gandalf_The_Grey

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top