Security News Malicious Chrome extensions can spoof password managers in new attack

Jonny Quest

This is the part that caught my eye.

In SquareX's demonstration, the attackers impersonate the 1Password password manager extension by first disabling the legitimate one using the 'chrome.management' API, or if the permissions aren't available, user interface manipulation tactics to hide it from the user.

Simultaneously, the malicious extension switches its icon to mimic that of 1Password, changes its name accordingly, and displays a fake login popup that matches the appearance of the real one.

To force the user into entering their credentials, when attempting to log in to a site, a fake "Session Expired" prompt is served, making the victim think they were logged out.

This will prompt the user to log back into 1Password through a phishing form that sends inputted credentials back to the attackers.

oldschool

@oldschool I thought about you and your post when I saw this article on Bleeping Computer.

This article highlights how the 'chrome.management' API is ripe for the pickings. I personally rely mainly on my little black book for password management, especially critical ones.

And it goes without saying that users should ...
Only use a minimal amount of trusted extensions
(y)(y)
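
A defender-side check for the 'chrome.management' dependency described in the quoted article, added here as an example and not part of any post in this thread: it lists installed extensions whose manifest requests the `management` permission. It assumes the usual on-disk layout `<profile>/Extensions/<id>/<version>/manifest.json`; the extension ids and names in the sample are constructed.

```python
import json
import tempfile
from pathlib import Path

RISKY = {"management"}  # manifest permission that grants chrome.management

def audit_extensions(extensions_dir):
    """Return sorted (ext_id, version, name, finding) rows for risky manifests."""
    findings = []
    for manifest in Path(extensions_dir).glob("*/*/manifest.json"):
        ext_id, version = manifest.parts[-3], manifest.parts[-2]
        try:
            data = json.loads(manifest.read_text(encoding="utf-8-sig"))
            if not isinstance(data, dict):
                raise ValueError("manifest is not a JSON object")
        except (OSError, ValueError):
            findings.append((ext_id, version, "?", "unreadable manifest"))
            continue
        name = str(data.get("name", "?"))  # may be a __MSG_...__ locale key
        for key in ("permissions", "optional_permissions"):
            perms = data.get(key)
            if not isinstance(perms, list):
                continue
            for hit in sorted(RISKY.intersection(p for p in perms if isinstance(p, str))):
                findings.append((ext_id, version, name, f"{key}: {hit}"))
    return sorted(findings)

def build_sample_profile(root):
    """Constructed sample data: three fake extensions with made-up ids."""
    samples = {
        "aaaaexampleid": {"name": "Tab Helper", "permissions": ["tabs", "management"]},
        "bbbbexampleid": {"name": "Notes", "permissions": ["storage"]},
        "ccccexampleid": {"name": "Theme", "optional_permissions": ["management"]},
    }
    for ext_id, manifest in samples.items():
        d = Path(root) / ext_id / "1.0.0_0"
        d.mkdir(parents=True)
        manifest.update(manifest_version=3, version="1.0.0")
        (d / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    return root

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        return audit_extensions(build_sample_profile(tmp))

if __name__ == "__main__":
    for row in demo():
        print(*row, sep="\t")
```

Point `audit_extensions` at a real profile's `Extensions` directory to review what is installed. An extension without this permission can still fall back to the user-interface tricks the article mentions, so an empty result does not rule the attack out.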
 

Jonny Quest

Does this affect a password manager with a local database only?
It doesn't sound like it, like with KeePass? That's what I was thinking, that if I were truly concerned, I could uninstall the Proton Pass extensions and just work from the desktop app (in my case) and copy and paste from there. Probably like you could also do with the Bitwarden desktop app.

But would there be a security risk in my doing it that way, as far as what may be stored in Clipboard, or in the browser somewhere, compared to just typing things in?
 

rashmi

I meant a password manager with a local database and an extension, but no cloud database. I use Enpass password manager, which has no cloud database. If I'm correct, some password managers have a different password for the cloud database. I guess it would help in this scenario.
 

lokamoka820

I think in this situation using a PIN code to access your password vault is safer than using your master password. I always thought a PIN code was just for convenience; now it is more secure in such a scenario.

And while it is not that effective, I think enabling "remember my email address" will be beneficial in this situation too, so when you find that you were logged out and your email address field is empty, it must raise doubts that something wrong has happened.
 
