SquareX AI Browsers Exploited in OAuth Attacks and Malware Distribution Campaigns

Recent cybersecurity investigations have uncovered a sophisticated campaign leveraging SquareX AI browsers to execute OAuth attacks and distribute malware. This emerging threat exploits vulnerabilities in AI-powered browsers to gain unauthorized access to user accounts via OAuth tokens, facilitating widespread malware dissemination. The attackers employ advanced techniques to bypass traditional security measures, targeting both individual users and organizations. The campaign highlights the growing risks associated with AI-integrated browsing technologies and the need for enhanced security protocols. Cybersecurity experts recommend immediate patching of affected systems, vigilant monitoring of OAuth token usage, and adoption of multi-factor authentication to mitigate these threats. This article delves into the technical details of the attacks, the malware involved, and strategic defense measures to protect digital assets in an increasingly AI-driven cyber landscape.

This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 09 Oct 2025 14:05:11 +0000

Cyber News related to SquareX AI Browsers Exploited in OAuth Attacks and Malware Distribution Campaigns

Threat actors misuse OAuth applications to automate financially driven attacks - Threat actors are misusing OAuth applications as an automation tool in financially motivated attacks. Threat actors compromise user accounts to create, modify, and grant high privileges to OAuth applications that they can misuse to hide malicious ...
1 year ago Microsoft.com

SquareX Reveals That Employees Are No Longer The Weakest Link, Browser AI Agents Are - SquareX’s research reveals that Browser AI Agents are more likely tofall prey to cyberattacks than employees, making them the new weakest link that enterprisesecurity teams need to look out for. Moreimportantly, employees using Browser AI Agents ...
4 months ago Cybersecuritynews.com

SquareX to Uncover Data Splicing Attacks at BSides San Francisco, A Major DLP Flaw that Compromises Data Security of Millions - Titled “Data Splicing Attacks: Breaking Enterprise DLP from the Inside Out”, the talk will demonstrate multiple data splicing techniques that will allow attackers to exfiltrate any sensitive file or clipboard data, completely bypassing major Data ...
6 months ago Cybersecuritynews.com

SquareX Discloses Browser-Native Ransomware that Puts Millions at Risk - As browsers become the new endpoint, it is crucial for enterprises to reconsider their browser security strategy – just as EDRs were critical to defend against file-based ransomware, a browser-native solution with a deep understanding of ...
7 months ago Cybersecuritynews.com

SquareX AI Browsers Exploited in OAuth Attacks and Malware Distribution Campaigns - Recent cybersecurity investigations have uncovered a sophisticated campaign leveraging SquareX AI browsers to execute OAuth attacks and distribute malware. This emerging threat exploits vulnerabilities in AI-powered browsers to gain unauthorized ...
1 month ago Cybersecuritynews.com CVE-2024-12345 CVE-2024-67890 APT42

Attackers Target Microsoft Accounts to Weaponize OAuth Apps - Threat actors are abusing organizations' weak authentication practices to create and exploit OAuth applications, often for financial gain, in a string of attacks that include various vectors, including cryptomining, phishing, and password spraying. ...
1 year ago Darkreading.com

Cybersecurity Awareness Campaigns in Education - Cybersecurity awareness campaigns in education are essential to protect digital systems and information. The target audience for cybersecurity awareness campaigns in education includes students, teachers, administrators, and other staff members. ...
1 year ago Securityzap.com

What Is OAuth 2.0? - Scope of Access: Before OAuth, the meal planning app might have access to data that the user did not actually wish to share. No Way to Revoke Access: Before OAuth, the user could not easily restrict or revoke the meal planning app's access to their ...
1 year ago Feeds.dzone.com

SquareX Unveils Polymorphic Extensions that Morph Infostealers into Any Browser Extension - Password Managers, Wallets at Risk - In addition to the polymorphic attack, SquareX was also the first to discover and disclose multiple extension-based attacks, including Browser Syncjacking, the Chrome Store consent phishing attack leading to Cyberhaven’s breach and numerous other ...
8 months ago Cybersecuritynews.com

Microsoft: OAuth apps used to automate BEC and cryptomining attacks - Microsoft warns that financially-motivated threat actors are using OAuth applications to automate BEC and phishing attacks, push spam, and deploy VMs for cryptomining. OAuth is an open standard for granting apps secure delegated access to server ...
1 year ago Bleepingcomputer.com

Attackers abuse OAuth apps to initiate large-scale cryptomining and spam campaigns - Attackers are compromising high-privilege Microsoft accounts and abusing OAuth applications to launch a variety of financially-motivated attacks. OAuth is an open standard authentication protocol that uses tokens to grant applications access to ...
1 year ago Helpnetsecurity.com Hunters

Microsoft Disables Verified Partner Accounts Used for OAuth Phishing - Microsoft has disabled multiple fraudulent, verified Microsoft Partner Network accounts for creating malicious OAuth applications that breached organizations cloud environments to steal email. In a joint announcement between Microsoft and Proofpoint, ...
2 years ago Bleepingcomputer.com

Types of Malware and How To Prevent Them - Malware is one of the biggest security threats to any type of technological device, and each type of malware uses unique tactics for successful invasions. Even if you've downloaded a VPN for internet browsing, our in-depth guide discusses the 14 ...
1 year ago Pandasecurity.com

Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
1 year ago Cybersecurity-insiders.com