SquareX Reveals Over 3.2 Million Users Affected by Malicious Polymorphic Chrome Extensions

MY PROFESSION

MY INTERESTS

47m ago

A report revealed that over 3.2 million users have been affected by malicious browser extensions that appeared genuine but were embedding harmful scripts.1
The security breach was due to a supply chain breach, where legitimate extensions were infiltrated and pushed malicious updates.1
The compromised extensions included popular tools like AdBlock Plus and PDF Converter, which were manipulated to deliver malicious payloads.1
The malicious extensions bypassed Content Security Policy protections, allowing attackers to modify web content without detection.1

Over 3.2 million users were affected by a supply chain breach involving popular browser extensions.
Malicious extensions bypassed security measures, compromising user data.

Foxnews

11h ago

Researchers from SquareX discovered that malicious browser extensions can change their appearance to mimic other installed extensions, leading to credential theft.1
The malware operates without exploiting any vulnerabilities, making it difficult for cybersecurity solutions to detect or remove it.1
These polymorphic extensions require only medium risk permissions, similar to those needed by legitimate tools like password managers.1
SquareX founder, Vivek Ramachandran, highlighted the risks posed by browser extensions, stating that organizations lack the means to audit their extension usage.1

Researchers from SquareX found that malicious browser extensions can change their appearance to mimic legitimate tools, leading to credential theft.
The malware operates without exploiting vulnerabilities, making it hard for cybersecurity solutions to detect or remove it.
These polymorphic extensions require only medium risk permissions, similar to those of legitimate tools like password managers.

TechRadar

Twitter Post