Cybercriminals are continually evolving their tactics to evade antivirus detection and trick users into installing malicious software. One of the latest threats involves malware that impersonates legitimate browser extensions, allowing attackers to steal login credentials while remaining undetected. Although this discovery is concerning, researchers have identified the vulnerability before it could be widely exploited, giving security teams time to respond.
According to a report by SquareX Labs, this attack starts with scammers developing seemingly useful browser extensions, such as an AI-powered transcription tool. To avoid malware detection, they distribute the extension outside official platforms like the Chrome Web Store or Google Play. Users are then encouraged to pin the extension for easy access, allowing it to quietly monitor their browsing habits over time.
Once installed, the malicious extension collects data on the user’s existing extensions, particularly those used for handling sensitive information, such as password managers. When the right opportunity arises, it disables the legitimate extension and replaces its icon with an identical version. If the user attempts to access their password manager, they unknowingly interact with the fake extension instead.
To further deceive users, the fraudulent extension displays a message stating that their session has expired, requiring them to log in again. However, rath
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: