Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label browser credential theft. Show all posts
Malwares
browser credential theft Browser Extension Cyber Attacks Login Credentials Malicious Browser Extension Malware attacks Malwares

New Malware Impersonates Browser Extensions to Steal Login Credentials

 

Cybercriminals are continually evolving their tactics to evade antivirus detection and trick users into installing malicious software. One of the latest threats involves malware that impersonates legitimate browser extensions, allowing attackers to steal login credentials while remaining undetected. Although this discovery is concerning, researchers have identified the vulnerability before it could be widely exploited, giving security teams time to respond. 

According to a report by SquareX Labs, this attack starts with scammers developing seemingly useful browser extensions, such as an AI-powered transcription tool. To avoid malware detection, they distribute the extension outside official platforms like the Chrome Web Store or Google Play. Users are then encouraged to pin the extension for easy access, allowing it to quietly monitor their browsing habits over time. 

Once installed, the malicious extension collects data on the user’s existing extensions, particularly those used for handling sensitive information, such as password managers. When the right opportunity arises, it disables the legitimate extension and replaces its icon with an identical version. If the user attempts to access their password manager, they unknowingly interact with the fake extension instead. 

To further deceive users, the fraudulent extension displays a message stating that their session has expired, requiring them to log in again. However, rather than accessing their accounts, victims unknowingly submit their credentials directly to cybercriminals. With this information, attackers can break into password vaults, gaining access to sensitive data, stored passwords, and linked accounts. This method is particularly dangerous because it exploits trust in well-known extensions. 

Unlike traditional phishing attempts, which rely on fake websites or deceptive emails, this attack leverages the user’s own browser environment, making it harder to detect. Victims may not realize they’ve been compromised until they notice unauthorized activity on their accounts. Despite the sophistication of this attack, there is no immediate reason for panic. Security researchers identified the exploit before cybercriminals could widely deploy it, and browser developers have been alerted to the risk. 

However, this incident underscores the importance of practicing good cybersecurity habits. Users should only install browser extensions from trusted sources like the Chrome Web Store, avoid third-party downloads, and check reviews before installation. 

Additionally, enabling multi-factor authentication (MFA) on important accounts can provide an extra layer of security, reducing the risk of credential theft. As cyber threats continue to evolve, staying informed and cautious about software installations remains crucial to maintaining online security.
Read more »
Python NodeStealer
browser credential theft Credit Card Theft Cybersecurity Threats Facebook Ads Manager Infostealer Malware malvertising campaigns malware Python NodeStealer

Upgraded Python NodeStealer Now Targets Facebook Ads Manager and Steals More Sensitive Data

 

Python NodeStealer, a notorious infostealer previously known for targeting Facebook Business accounts, has now been enhanced with new, dangerous capabilities that allow it to infiltrate Facebook Ads Manager accounts. This upgrade not only boosts its ability to steal more data but also paves the way for even more malicious campaigns.

In an extensive analysis by cybersecurity experts at Netskope Threat Labs, it was revealed that the infostealer is now capable of stealing credit card information in addition to previously targeted browser credentials. 

The new attack vector involves copying the “Web Data” from browsers, a SQLite database containing sensitive data like autofill details and saved payment methods.

“With these, the infostealer can now collect the victim’s credit card information which includes the cardholder’s name, card expiration date, and card number,” the researchers pointed out. To access this information, NodeStealer uses Python’s SQLite3 library to run specific queries on the stolen database, looking for credit card-related data.

The new version of Python NodeStealer also abuses Windows Restart Manager, a tool typically used to manage reboots after software updates. In this case, however, the tool is leveraged to bypass locked database files that contain valuable data. By extracting browser database files into a temporary folder, NodeStealer circumvents file locks, and exfiltrates the data via a Telegram bot.

Most likely developed by a Vietnamese cybercriminal group, Python NodeStealer’s primary targets are Facebook Business and Ads Manager accounts, which are then exploited in malvertising campaigns. Since Facebook’s stringent vetting process for ad purchases typically prevents unauthorized ads, cybercriminals now resort to stealing verified accounts to run their malicious ads instead.
Read more »
Subscribe to: Posts (Atom)