| Category | Details |
|---|---|
| Threat Actors | Attackers impersonating the Chrome Store and using phishing tactics to hijack extensions. |
| Campaign Overview | Large-scale attacks targeting Chrome Extension developers in order to hijack their extensions for credential theft. |
| Target Regions (or Victims) | Developers of Chrome Extensions (e.g., Cyberhaven), users of the Chrome Store, and employees using the affected extensions. |
| Methodology | – Phishing emails impersonating Chrome Store violation notices. – Malicious extensions deployed after gaining developer access. – OAuth attack used to gain unauthorized access to developer accounts. |
| Product Targeted | Chrome Extensions, particularly those with large user bases. |
| Malware Reference | Malicious Chrome Extension enabling session hijacking and exfiltration of confidential information. |
| Tools Used | Fake "Privacy Policy" extension, OAuth abuse for unauthorized access, malicious Chrome Extensions. |
| Vulnerabilities Exploited | Lack of monitoring for browser extension updates; weak security practices by extension developers. |
| TTPs | – Phishing emails targeting extension developers. – Exploiting developer accounts via OAuth. – Deploying malicious extensions to hijack authenticated sessions. |
| Attribution | SquareX's findings suggest widespread attacks targeting browser extension developers. |
| Recommendations | – Implement proper monitoring of extension updates. – Block unauthorized OAuth interactions. – Use browser security tools to detect suspicious extensions. |
| Source | Hackread |
Read full article: https://hackread.com/squarex-researchers-expose-oauth-attack-on-chrome-extensions-days-before-major-breach/
The above summary has been generated by an AI language model.