CyberSecurityBoard
Sponsor Register Login

New Polymorphic Attack That Mimic Any Chrome Extension Installed On The Browser

This newly discovered “polymorphic extension attack” creates pixel-perfect replicas of legitimate extensions’ icons, HTML popups, and workflows, making it nearly impossible for users to distinguish them from authentic extensions. SquareX’s research team has recently uncovered a sophisticated browser attack technique that allows malicious extensions to impersonate any extension installed on a victim’s browser. The attack even temporarily disables the legitimate extension, creating a seamless deception that tricks users into providing sensitive credentials to what they believe is their trusted tool. When users click on what appears to be their password manager, they’re actually interacting with the malicious extension, which captures their master credentials and secret keys before seamlessly returning control to the legitimate extension. When a target is identified, such as when a user visits a login page, the polymorphic extension temporarily disables the legitimate extension using Chrome’s API capabilities, then visually transforms its icon and interface to match the target. This attack is particularly concerning as it exploits legitimate Chrome functionality and uses permissions classified as medium risk, making it difficult to detect through standard security measures. The APIs used – activeTab, scripting, and chrome.management – are commonly used by legitimate extensions, allowing the malicious code to blend in with normal browser operations. After installation, the extension functions as promised to avoid raising suspicion while monitoring for high-value target extensions on the user’s browser. The attack exploits the human tendency to rely on visual cues for verification, particularly the extension icons on the pinned tab bar. What makes this attack particularly dangerous is that it targets high-value extensions such as password managers, cryptocurrency wallets, banking applications, and productivity tools. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. However, the polymorphic extension can silently replace these visual indicators at precisely timed moments, creating a perfect illusion that leads to credential theft. When users interact with these icons, they assume they’re engaging with legitimate extensions. For example, if a password manager is compromised, attackers obtain access to the victim’s entire credential vault, enabling them to access any associated service or account.

This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 10 Mar 2025 09:10:11 +0000


Cyber News related to New Polymorphic Attack That Mimic Any Chrome Extension Installed On The Browser

New Polymorphic Attack That Mimic Any Chrome Extension Installed On The Browser - This newly discovered “polymorphic extension attack” creates pixel-perfect replicas of legitimate extensions’ icons, HTML popups, and workflows, making it nearly impossible for users to distinguish them from authentic extensions. ...
3 hours ago Cybersecuritynews.com
Malicious Chrome extensions can spoof password managers in new attack - In SquareX's demonstration, the attackers impersonate the 1Password password manager extension by first disabling the legitimate one using the 'chrome.management' API, or if the permissions aren't available, user interface manipulation tactics to ...
3 days ago Bleepingcomputer.com
SquareX Unveils Polymorphic Extensions that Morph Infostealers into Any Browser Extension - Password Managers, Wallets at Risk - In addition to the polymorphic attack, SquareX was also the first to discover and disclose multiple extension-based attacks, including Browser Syncjacking, the Chrome Store consent phishing attack leading to Cyberhaven’s breach and numerous other ...
3 days ago Cybersecuritynews.com
Google Chrome Zero-Day Bug Under Attack, Allows Code Injection - Google has patched a high-severity zero-day bug in its Chrome Web browser that attackers are actively exploiting. The vulnerability, assigned as CVE-2024-0519, is the first Chrome zero-day bug that Google has disclosed in 2024, and the second in the ...
1 year ago Darkreading.com CVE-2024-0519 CVE-2024-0517 CVE-2024-0518 Hunters
New Mimic Ransomware Abuses Windows Search Tool to Attack Victims - A new ransomware threat has been discovered that abuses the Windows Search Tool to locate and encrypt sensitive data. Dubbed Mimic, the ransomware was identified by malware researchers at Force Point Security Defense. Mimic encrypts a victim’s ...
2 years ago Bleepingcomputer.com
Google Online Security Blog: Sustaining Digital Certificate Security - The Chrome Security Team prioritizes the security and privacy of Chrome's users, and we are unwilling to compromise on these values. The Chrome Root Program Policy states that CA certificates included in the Chrome Root Store must provide value to ...
8 months ago Security.googleblog.com
Attack Vector vs Attack Surface: The Subtle Difference - Cybersecurity discussions about "Attack vectors" and "Attack surfaces" sometimes use these two terms interchangeably. This article guides you through the distinctions between attack vectors and attack surfaces to help you better understand the two ...
2 years ago Trendmicro.com
Google Chrome change that weakens ad blockers begins June 3rd - Google is continuing with its plan to phase out Manifest V2 extensions in Chrome starting in early June 2024, weakening the abilities of ad blockers. Google says this decision was made based on the community's progress and feedback, which were deemed ...
9 months ago Bleepingcomputer.com
Google Patches Another Chrome Zero-Day as Browser Attacks Mount - For the fourth time since August, Google has disclosed a bug in its Chrome browser technology that attackers were actively exploiting in the wild before the company had a fix for it. Integer Overflow Bug The latest zero-day, which Google is tracking ...
1 year ago Darkreading.com CVE-2023-6345 CVE-2023-4863 CVE-2023-5217 CVE-2023-28205 CVE-2023-32409 CVE-2023-28204 CVE-2023-32373
Highly Obfuscated .NET sectopRAT Mimic as Chrome Extension - Meanwhile, background.js functions as an intermediary to bypass browser security policies, transmitting the stolen data from content.js to the command-and-control (C2) server. The emergence of a highly obfuscated .NET-based Remote Access Trojan (RAT) ...
2 weeks ago Cybersecuritynews.com
New Mimic Ransomware Uses Windows Search Engine to Find and Encrypt Files - Cybersecurity researchers have uncovered a new strain of ransomware called Mimic, which uses Everything API, a Windows search engine, to search for files to encrypt. Mimic is a sophisticated malware that can eliminate shadow copies, shut down various ...
2 years ago Heimdalsecurity.com
The Browser Blind Spot: Why Your Browser is the Next Cybersecurity Battleground - Security teams must integrate browser detection & response capabilities into their enterprise security stack to gain real-time visibility, detect browser-native threats, and protect people where they work. Just as EDR transformed endpoint ...
2 weeks ago Bleepingcomputer.com
Chrome New Safety Check Feature Checks for Hacked Passwords - Google Chrome, the leading browser, has recently launched a new safety check feature that can help users save their tab groups and optimize memory usage. With this new feature, users can now ensure that their browser is running smoothly and ...
1 year ago Cybersecuritynews.com
OpenAIS ChatGPT is a Polymorphic Malware: How to Protect Yourself - Internet security is an important concern in the modern digital age. With the emergence of new threats such as ransomware, Trojans, and sophisticated variants of Polymorphic Malware, it is essential that users take the necessary steps to protect ...
2 years ago Hackread.com
Google Chrome adds new AI features to boost productivity and creativity - Google's popular web browser, Chrome, is getting a makeover with the latest release of Chrome M121, which introduces three new generative AI features that aim to make browsing easier, more efficient and more personalized. The new features, which are ...
1 year ago Venturebeat.com
Menlo Security Adds SaaS Platform to Manage Secure Browsers - Menlo Security today unfurled a software-as-a-service platform that makes it simpler to centrally apply and manage cybersecurity policies to secure instances of Google Chrome or Microsoft Edge browsers. Rew Harding, vice president of security ...
1 year ago Securityboulevard.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
CVE-2024-34714 - The Hoppscotch Browser Extension is a browser extension for Hoppscotch, a community-driven end-to-end open-source API development ecosystem. Due to an oversight during a change made to the extension in the commit ...
9 months ago Tenable.com
User-Friendly Update: Clear Your Chrome History on Android with Ease - As part of its commitment to keeping users happy, Google Chrome prioritizes providing a great experience - one of the latest examples of this is a new shortcut that makes it easier to clear browsing data on Android. Chrome has made deleting users' ...
1 year ago Cysecurity.news
Fake VPN Chrome extensions force-installed 1.5 million times - Three malicious Chrome extensions posing as VPN infected were downloaded 1.5 million times, acting as browser hijackers, cashback hack tools, and data stealers. According to ReasonLabs, which discovered the malicious extensions, they are spread via ...
1 year ago Bleepingcomputer.com
ANYRUN Safebrowsing Extension - Analyse Any Malicious URL for Free - Safebrowsing enables security analysts to interact with the entire attack chain, monitor network activity, and uncover hidden threats in a controlled, isolated environment. According to ANY.RUN Reports, Safebrowsing integrates a Network Inspector, ...
3 weeks ago Cybersecuritynews.com
Days After Google, Apple Reveals Exploited Zero-Day in Browser Engine - Apple has patched an actively exploited zero-day bug in its WebKit browser engine for Safari. Actively Exploited Apple yesterday described the vulnerability as something an attacker could exploit to execute arbitrary code on affected systems. ...
1 year ago Darkreading.com CVE-2024-23222
Microsoft again bothers Chrome users with Bing popup ads in Windows - Microsoft is once again harassing Google Chrome users on Windows 10 and Windows 11 with popup desktop advertisements promoting Bing and its GPT-4 Bing Chat platform. Due to the quality of the pixelated ads, some who received them were concerned that ...
11 months ago Bleepingcomputer.com
Google Chrome's new cache change could boost performance - Google is introducing a significant change to Chrome's Back/Forward Cache behavior, allowing web pages to be stored in the cache, even if a webmaster specifies not to store a page in the browser's cache. "Bfcache is an in-memory cache that stores a ...
1 year ago Bleepingcomputer.com
Hackers target Microsoft SQL servers in Mimic ransomware attacks - A group of financially motivated Turkish hackers targets Microsoft SQL servers worldwide to encrypt the victims' files with Mimic ransomware. These ongoing attacks are tracked as RE#TURGENCE and have been directed at targets in the European Union, ...
1 year ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)