| Category | Details |
|---|---|
| Threat Actors | Unattributed attackers running a phishing campaign that impersonates Chrome Web Store developer support in order to take over extension developers' publishing accounts. |
| Campaign Overview | Large-scale campaign against Chrome extension developers: hijack the developer's Web Store account, push a trojanised update to an already-published extension, and harvest credentials and session tokens from that extension's entire user base. |
| Target Regions (Or Victims) | Chrome extension developers (Cyberhaven is the publicly confirmed victim); downstream, every user and organisation running a compromised extension. |
| Methodology | - Phishing email claiming the developer's extension violates Chrome Web Store policy and must be remediated. - The link opens a genuine Google OAuth consent screen for an attacker-controlled app that requests permission to manage the developer's Web Store extensions; because the developer is already signed in to Google, no password or MFA challenge stands in the way. - With the resulting token the attacker uploads a malicious version of the victim's extension, which Chrome auto-updates onto users' browsers. |
| Product Targeted | Chrome extensions with large install bases; a hijacked extension inherits its existing permissions and user trust on every browser where it is installed. |
| Malware Reference | Trojanised build of a legitimate extension that steals cookies and session tokens from the browser and exfiltrates them, enabling session hijacking and theft of confidential data. |
| Tools Used | Phishing email impersonating the Chrome Web Store; a malicious OAuth application presented as a "Privacy Policy Extension"; malicious versions of legitimate extensions. |
| Vulnerabilities Exploited | No software vulnerability (no CVE). The campaign abuses a legitimate OAuth consent flow and the trust model of extension auto-updates: whoever controls the publisher account can silently change the code running in every user's browser, and most organisations neither review extension updates nor restrict which OAuth apps staff may authorise. |
| TTPs | - Spear-phishing extension developers with a fake policy-violation notice (initial access, T1566). - OAuth consent phishing to obtain a Chrome Web Store access token (T1528, Steal Application Access Token). - Publishing a malicious update to a trusted extension (software supply-chain compromise, T1195.002). - Stealing cookies and session tokens from users' browsers (T1539, Steal Web Session Cookie) and exfiltrating them. |
| Attribution | Not attributed to a named group. SquareX published research describing this OAuth consent-phishing technique against extension developers days before the Cyberhaven breach was disclosed, and its findings indicate the campaign is widespread. |
| Recommendations | - Inventory installed extensions and review every version change, especially one that adds permissions or host patterns; enforce an extension allowlist by policy. - Restrict which third-party OAuth apps users can authorise and alert on any grant of the Chrome Web Store publishing scope to an unapproved client. - Train developers that a genuine policy-violation notice never requires granting a third-party app access to their Web Store account. - Use browser security tooling to detect extensions that read cookies or contact unexpected domains. |
| Source | Hackread |
Read full article: https://hackread.com/squarex-researchers-expose-oauth-attack-on-chrome-extensions-days-before-major-breach/
The above summary has been generated by an AI language model
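The two detection checks below are an added example, not code from the Hackread article, SquareX or Cyberhaven. Stage 1 flags a consent-phishing grant of the Chrome Web Store publishing scope to an unapproved OAuth client; stage 2 diffs installed extension manifests against an approved baseline to catch the trojanised update. The audit-event and manifest shapes, extension IDs and client IDs are constructed sample data (the event layout is simplified from the real Google Workspace "token" audit format, which is an assumption here).

```javascript
// Added example (not from the article, SquareX or Cyberhaven): offline detection
// logic for the two stages of the campaign. All sample data below is constructed.

// Scope an OAuth app needs to manage/publish the user's Chrome Web Store items.
const CWS_PUBLISH_SCOPE = 'https://www.googleapis.com/auth/chromewebstore';

// Stage 1: flag any grant of the publish scope to a client that is not on the
// organisation's allowlist. Events are a simplified form of Workspace "token"
// audit records (assumption): { event, actor, app_name, client_id, scopes[] }.
function flagRiskyOAuthGrants(events, allowedClientIds) {
  const findings = [];
  for (const ev of events) {
    if (ev.event !== 'authorize') continue;           // ignore revokes etc.
    const grantsPublish = ev.scopes.includes(CWS_PUBLISH_SCOPE);
    const unknownClient = !allowedClientIds.has(ev.client_id);
    if (grantsPublish && unknownClient) {
      findings.push({ actor: ev.actor, app: ev.app_name, client_id: ev.client_id,
        reason: 'unknown OAuth client granted Chrome Web Store publish scope' });
    }
  }
  return findings;
}

// Stage 2: permissions that let an extension read session cookies or intercept
// traffic, i.e. what a session-hijacking update would need to add.
const SENSITIVE_PERMS = new Set(['cookies', 'webRequest', 'declarativeNetRequest', 'scripting', 'tabs']);
const broadHost = (h) => h === '<all_urls>' || h.startsWith('*://*/') || h.startsWith('https://*/');

// Diff current manifests (id -> {version, permissions, host_permissions}) against
// the approved baseline; every version bump is surfaced, privilege growth is rated.
function diffExtensionManifests(baseline, current) {
  const findings = [];
  for (const [id, cur] of Object.entries(current)) {
    const base = baseline[id];
    if (!base) { findings.push({ id, severity: 'high', reason: 'extension not in approved inventory' }); continue; }
    if (base.version !== cur.version) {
      findings.push({ id, severity: 'medium', reason: `version changed ${base.version} -> ${cur.version}; review the update` });
    }
    for (const p of cur.permissions.filter((p) => !base.permissions.includes(p))) {
      findings.push({ id, severity: SENSITIVE_PERMS.has(p) ? 'high' : 'low', reason: `new permission "${p}"` });
    }
    for (const h of cur.host_permissions.filter((h) => !base.host_permissions.includes(h))) {
      findings.push({ id, severity: broadHost(h) ? 'high' : 'low', reason: `new host permission "${h}"` });
    }
  }
  return findings;
}

// Constructed sample data. Client IDs and extension IDs are placeholders
// (real extension IDs are 32 lowercase letters).
const SAMPLE_TOKEN_EVENTS = [
  { event: 'authorize', actor: 'dev@example.com', app_name: 'Web Store CI', client_id: 'approved-ci-client', scopes: [CWS_PUBLISH_SCOPE] },
  { event: 'authorize', actor: 'dev@example.com', app_name: 'Privacy Policy Extension', client_id: 'unknown-client-0001', scopes: [CWS_PUBLISH_SCOPE] },
  { event: 'authorize', actor: 'dev@example.com', app_name: 'Calendar helper', client_id: 'unknown-client-0002', scopes: ['openid', 'email'] },
  { event: 'revoke', actor: 'dev@example.com', app_name: 'Privacy Policy Extension', client_id: 'unknown-client-0001', scopes: [CWS_PUBLISH_SCOPE] },
];
const APPROVED_CLIENTS = new Set(['approved-ci-client']);

const BASELINE_MANIFESTS = {
  'ext-approved-001': { version: '2.3.0', permissions: ['storage', 'activeTab'], host_permissions: ['https://api.example.com/*'] },
};
const CURRENT_MANIFESTS = {
  'ext-approved-001': { version: '2.3.1', permissions: ['storage', 'activeTab', 'cookies'], host_permissions: ['https://api.example.com/*', '<all_urls>'] },
  'ext-unapproved-002': { version: '1.0.0', permissions: ['storage'], host_permissions: [] },
};

// Run both checks over the sample data and return the findings.
function run() {
  return {
    oauth: flagRiskyOAuthGrants(SAMPLE_TOKEN_EVENTS, APPROVED_CLIENTS),
    extensions: diffExtensionManifests(BASELINE_MANIFESTS, CURRENT_MANIFESTS),
  };
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(JSON.stringify(run(), null, 2));
}
```

Run with `node` to print the findings: the only OAuth grant flagged is the unapproved "Privacy Policy Extension" client (the allowlisted CI client and the revoke record are ignored), and the extension diff reports the version bump plus the newly added `cookies` permission and `<all_urls>` host pattern as high severity, alongside the extension missing from the inventory. In production the first check would read events from the Workspace Reports API and the second would take manifests from an enterprise extension report rather than inline constants.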