Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Polymorphic Attack. Show all posts
Polymorphic Attack
cyber attack Google malware Online Scams Phishing Attack Polymorphic Attack

New Polymorphic Attack Enables Malicious Chrome Extensions to Impersonate Password Managers and Banking Apps

Researchers at SquareX Labs have uncovered a sophisticated “polymorphic” attack targeting Google Chrome extensions, allowing malicious extensions to seamlessly morph into trusted ones, such as password managers, cryptocurrency wallets, and banking apps. The attack exploits Chrome’s ‘chrome.management’ API to gain insights into the user’s installed extensions and then impersonates them to steal sensitive information. 

The attack begins when an unsuspecting user installs a seemingly legitimate extension—such as an AI-powered marketing tool—through the Chrome Web Store. Once installed, the extension gains access to the list of other installed extensions using the ‘chrome.management’ API. If this permission is not granted, attackers can use a stealthier approach, injecting malicious code into web pages to detect installed extensions based on unique resource requests. 

This information is then sent to an attacker-controlled server, which determines whether a targeted extension is present. If a high-value target, such as a password manager, is detected, the malicious extension initiates the impersonation process. SquareX demonstrated how attackers could disable a legitimate extension, like 1Password, using the ‘chrome.management’ API or by manipulating the user interface to hide it. Simultaneously, the malicious extension changes its name, icon, and behavior to mimic the real one. 
To lure victims into entering their credentials, attackers deploy deceptive tactics, such as displaying fake session expiration messages that prompt users to log back in via a phishing form.

The stolen credentials are then sent to the attackers, after which the malicious extension reverts to its original state and re-enables the genuine extension, making detection nearly impossible. 

SquareX Labs has responsibly disclosed the vulnerability to Google, warning that it remains exploitable even in the latest Chrome version. The researchers recommend that Google strengthen security measures by restricting abrupt extension modifications, such as icon or HTML changes, or at the very least, issuing user alerts when such modifications occur. They also criticize Google’s classification of the ‘chrome.management’ API as a “medium risk,” given its extensive use in widely trusted extensions, including ad blockers and password managers. 

As of now, Google has not implemented any direct countermeasures against this attack. BleepingComputer has reached out to the company for a statement and will update its report accordingly. Meanwhile, users are advised to exercise caution when installing Chrome extensions and to be wary of unusual login prompts that could be phishing attempts.
Read more »
Subscribe to: Posts (Atom)