
SquareX Researchers Expose OAuth Attack on Chrome Extensions Days Before Major Breach

Threat Actors: Attackers impersonating Chrome Store and using phishing tactics to hijack extensions.

Campaign Overview: Large-scale attacks targeting Chrome Extension developers to hijack extensions for credential theft.

Target Regions (Or Victims): Developers of Chrome Extensions (e.g., Cyberhaven), users of the Chrome Store, employees using extensions.

Methodology:
– Phishing emails impersonating Chrome Store violations.
– Malicious extensions deployed after gaining developer access.
– OAuth attack to gain unauthorized access to developer accounts.

Product Targeted: Chrome Extensions, particularly those with large user bases.

Malware Reference: Malicious Chrome Extension allowing session hijacking and exfiltration of confidential information.

Tools Used: Fake Privacy Policy Extension, OAuth for unauthorized access, malicious Chrome Extensions.

Vulnerabilities Exploited: Lack of monitoring for browser extension updates; weak security practices by extension developers.

TTPs:
– Phishing emails targeting extension developers.
– Exploiting developer accounts via OAuth.
– Deploying malicious extensions to hijack authenticated sessions.

Attribution: SquareX’s findings suggest widespread attacks targeting browser extension developers.

Recommendations:
– Implement proper monitoring of extension updates.
– Block unauthorized OAuth interactions.
– Use browser security tools to detect suspicious extensions.

Source: Hackread

Read full article: https://hackread.com/squarex-researchers-expose-oauth-attack-on-chrome-extensions-days-before-major-breach/

The above summary has been generated by an AI language model


Source: Hackread

Published on: January 1, 2025
