New Polymorphic Attack That Mimics Any Chrome Extension Installed On The Browser

SquareX’s research team has recently uncovered a sophisticated browser attack technique that allows malicious extensions to impersonate any extension installed on a victim’s browser. This newly discovered “polymorphic extension attack” creates pixel-perfect replicas of legitimate extensions’ icons, HTML popups, and workflows, making it nearly impossible for users to distinguish them from authentic extensions.

After installation, the extension functions as promised to avoid raising suspicion while monitoring for high-value target extensions on the user’s browser. When a target is identified, such as when a user visits a login page, the polymorphic extension temporarily disables the legitimate extension using Chrome’s API capabilities, then visually transforms its icon and interface to match the target. The attack even temporarily disables the legitimate extension, creating a seamless deception that tricks users into providing sensitive credentials to what they believe is their trusted tool. When users click on what appears to be their password manager, they’re actually interacting with the malicious extension, which captures their master credentials and secret keys before seamlessly returning control to the legitimate extension.

The attack exploits the human tendency to rely on visual cues for verification, particularly the extension icons on the pinned tab bar. When users interact with these icons, they assume they’re engaging with legitimate extensions. However, the polymorphic extension can silently replace these visual indicators at precisely timed moments, creating a perfect illusion that leads to credential theft.

This attack is particularly concerning as it exploits legitimate Chrome functionality and uses permissions classified as medium risk, making it difficult to detect through standard security measures. The APIs used – activeTab, scripting, and chrome.management – are commonly used by legitimate extensions, allowing the malicious code to blend in with normal browser operations.

What makes this attack particularly dangerous is that it targets high-value extensions such as password managers, cryptocurrency wallets, banking applications, and productivity tools. For example, if a password manager is compromised, attackers obtain access to the victim’s entire credential vault, enabling them to access any associated service or account.
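For defenders, the permission combination the article names can be checked during an extension inventory. The following is an added example, not code from SquareX or the original article: it audits extension manifests for `management` together with `scripting` or `activeTab`. The manifests, extension names and verdict labels are constructed for illustration, and because these permissions are common in legitimate extensions, a hit means "review", not "malicious".

```javascript
// Added example: flag extensions whose manifest requests the permission
// combination named in the article. All manifests below are constructed.
const WATCHED = ["management", "scripting", "activeTab"];

// Collect every permission an extension holds now or may request later.
function declaredPermissions(manifest) {
  const lists = [manifest.permissions, manifest.optional_permissions];
  return new Set(
    lists
      .flatMap((l) => (Array.isArray(l) ? l : []))
      .filter((p) => typeof p === "string")
  );
}

// "management" lets an extension enable or disable other extensions; paired
// with "scripting" or "activeTab" it matches the set the article lists.
// Verdict labels ("review", "note", "ok") are hypothetical triage levels.
function auditManifest(manifest) {
  const perms = declaredPermissions(manifest);
  const hits = WATCHED.filter((p) => perms.has(p));
  const canManageOthers = perms.has("management");
  const canTouchPages = perms.has("scripting") || perms.has("activeTab");
  let verdict = "ok";
  if (canManageOthers && canTouchPages) verdict = "review";
  else if (canManageOthers) verdict = "note";
  return { name: manifest.name || "(unnamed)", hits, verdict };
}

// Return only the extensions that need a human look.
function auditAll(manifests) {
  return manifests.map(auditManifest).filter((r) => r.verdict !== "ok");
}

// Constructed sample manifests (not real extensions).
const SAMPLES = [
  { name: "Sample AI Helper", manifest_version: 3,
    permissions: ["activeTab", "scripting", "management"] },
  { name: "Sample Tab Tidy", manifest_version: 3,
    permissions: ["tabs", "storage"] },
  { name: "Sample Ext Manager", manifest_version: 3,
    permissions: ["management"] },
  { name: "Sample Clipper", manifest_version: 3,
    permissions: ["activeTab"], optional_permissions: ["management"] },
];

console.log(auditAll(SAMPLES));
```

Including `optional_permissions` matters because an extension can acquire `management` after install without it appearing in its initial permission list.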

This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 10 Mar 2025 09:10:11 +0000

