Cybersecurity experts have uncovered a novel technique for a malicious web browser extension to spoof any installed add-on.
"The polymorphic extensions create a pixel-perfect replica of the target's icon, HTML popup, workflows and even temporarily disable the legitimate extension, making it extremely convincing for victims to believe that they are providing credentials to the real extension," SquareX noted in a report published earlier this month.
The attack targets all Chromium-based web browsers, including Google Chrome, Microsoft Edge, Brave, Opera, and others. The strategy relies on the fact that users frequently pin extensions to the browser's toolbar. In a hypothetical attack scenario, threat actors could publish a polymorphic extension to the Chrome Web Store (or any extension marketplace) and pass it off as a utility.
The attackers could then use the harvested credentials to take over online accounts and steal sensitive financial and personal data without authorisation.
While the add-on provides the claimed functionality without raising suspicion, it activates its malicious features in the background by actively scanning for online resources associated with particular target extensions, using a technique known as web resource hitting.
Once a suitable target extension has been located, the attack proceeds to the next stage, when it morphs into a duplicate of the legitimate extension. This is performed by modifying the rogue extension's icon to match that of the target and temporarily disabling the actual add-on using the "chrome.management" API, resulting in its removal from the toolbar.
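The capability that makes the impersonation step possible is the `management` permission, which is what lets an extension disable other add-ons through the `chrome.management` API. As an added defensive example (this is not code from the SquareX report, and the manifests it audits are constructed samples rather than real extensions), the script below walks an extension profile directory, reads each `manifest.json`, and flags extensions that request `management` or broad host access, so an administrator can review them before they are trusted:

```python
import json
import tempfile
from pathlib import Path

# Constructed sample manifests for demonstration only; no real extension is represented.
SAMPLE_MANIFESTS = {
    "benign-notes": {
        "name": "Quick Notes",
        "manifest_version": 3,
        "permissions": ["storage"],
    },
    "suspicious-util": {
        "name": "Handy Util",
        "manifest_version": 3,
        # 'management' is the real Chrome permission behind chrome.management,
        # which can disable other installed extensions.
        "permissions": ["storage", "management"],
        "host_permissions": ["<all_urls>"],
    },
}


def find_manifests(root):
    """Return every manifest.json beneath an extensions directory, in stable order."""
    return sorted(Path(root).rglob("manifest.json"))


def audit_manifest(path):
    """Inspect one manifest and list the permissions that warrant review."""
    data = json.loads(Path(path).read_text(encoding="utf-8"))
    perms = set(data.get("permissions", [])) | set(data.get("optional_permissions", []))
    findings = []
    if "management" in perms:
        findings.append("requests 'management' permission (can disable other extensions)")
    # Manifest V2 put host patterns in 'permissions'; V3 uses 'host_permissions'.
    hosts = set(data.get("host_permissions", [])) | {
        p for p in perms if "://" in p or p == "<all_urls>"
    }
    if "<all_urls>" in hosts:
        findings.append("requests access to all URLs")
    return {"name": data.get("name", "?"), "path": str(path), "findings": findings}


def audit_extensions_dir(root):
    """Audit every extension under root and return only those with findings."""
    results = [audit_manifest(m) for m in find_manifests(root)]
    return [r for r in results if r["findings"]]


def write_samples(root):
    """Lay out the constructed manifests in the <id>/<version>/manifest.json shape Chrome uses."""
    for ext_id, manifest in SAMPLE_MANIFESTS.items():
        d = Path(root) / ext_id / "1.0_0"
        d.mkdir(parents=True, exist_ok=True)
        (d / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    return root


def demo():
    """Run the audit over the constructed samples in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        write_samples(tmp)
        return audit_extensions_dir(tmp)


if __name__ == "__main__":
    for item in demo():
        print(item["name"], "->", "; ".join(item["findings"]))
```

On a real machine, point `audit_extensions_dir` at the profile's `Extensions` folder instead of the temporary directory; the `management` permission is legitimate for some extension managers, so a hit is a prompt for review rather than proof of malice.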
"The polymorphic extension attack is extremely powerful as it exploits the human tendency to rely on visual cues as a confirmation," SquareX added. "In this case, the extension icons on a pinned bar are used to inform users of the tools they are interacting with."
The findings come a month after the company revealed Browser Syncjacking, another attack technique that allows a seemingly harmless browser extension to take over a victim's device.