
Hidden Threats of Dual-Function Malware Found in Chrome Extensions

NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:

An unknown threat actor has been creating malicious Chrome browser extensions since February 2024, using fake websites to lure users into installing them. These extensions have dual functionality, appearing to work as intended while also connecting to malicious servers to steal user data and execute arbitrary code. The extensions request excessive permissions and use various techniques to bypass security measures. They communicate with actor-controlled API domains, sending encrypted system information and receiving dynamic rules and code. The malicious activities include cookie theft, traffic manipulation, and potential account compromises. Over 100 fake websites and extensions have been deployed, exploiting current trends to attract users. The Chrome Web Store has removed some extensions, but the actor's persistence poses an ongoing threat to users seeking productivity tools and browser enhancements.

OPENCTI LABELS:

data theft, code execution, traffic manipulation, lure websites, chrome extensions, api endpoints

