
Polymorphic browser extensions could target credentials, report finds


Threat actors could compromise credentials through a novel attack technique in which polymorphic extensions spoof and disable already installed website add-ons in Chromium-based web browsers, reports The Hacker News.

Once installed, a polymorphic extension masquerading as a utility in an extension market scans for web resources linked to targeted extensions and then transforms itself into a copy of the legitimate extension, according to a report from SquareX.

Aside from replacing its icon, such an extension also deactivates the legitimate one and removes it from the browser's toolbar before working to obtain victims' credentials, which could be leveraged for further compromise.

"The polymorphic extension attack is extremely powerful as it exploits the human tendency to rely on visual cues as a confirmation. In this case, the extension icons on a pinned bar are used to inform users of the tools they are interacting with," said SquareX researchers.

Malicious actors were also recently reported by SquareX to have leveraged a trojanized Chrome extension to enable device takeovers as part of a new Browser Syncjacking attack.
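An added defensive check, not code from the SquareX report or The Hacker News: in Chromium, an extension can only disable another extension through the `chrome.management` API, which requires the `management` permission, so listing the installed extensions that hold it narrows where to look. The sample manifests and extension IDs below are constructed, and `audit_profile` assumes the usual `Extensions/<id>/<version>/manifest.json` layout of a Chromium profile.

```python
import json
from pathlib import Path

# "management" exposes chrome.management, the API used to disable other extensions.
RISKY = "management"

def audit_manifest(ext_id, manifest):
    """Return a finding if the manifest declares or can request RISKY, else None."""
    if not isinstance(manifest, dict):
        return None
    def names(key):
        # Permission lists may mix strings and objects; only strings matter here.
        value = manifest.get(key)
        return {p for p in value if isinstance(p, str)} if isinstance(value, list) else set()
    if RISKY in names("permissions"):
        grant = "declared"
    elif RISKY in names("optional_permissions"):
        grant = "optional"  # not active at install, can be requested later
    else:
        return None
    return {"id": ext_id, "name": manifest.get("name", "?"),
            "version": manifest.get("version", "?"), "grant": grant}

def audit_profile(extensions_dir):
    """Scan <extensions_dir>/<id>/<version>/manifest.json for every installed extension."""
    findings = []
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it
        hit = audit_manifest(path.parent.parent.name, manifest)
        if hit:
            findings.append(hit)
    return findings

# Constructed sample manifests keyed by constructed extension IDs.
SAMPLE = {
    "a" * 32: {"name": "Password Vault", "version": "4.1.0", "manifest_version": 3,
               "permissions": ["storage", "activeTab"]},
    "b" * 32: {"name": "Quick Notes Helper", "version": "1.0.2", "manifest_version": 3,
               "permissions": ["storage", "management", "scripting"]},
    "c" * 32: {"name": "Tab Sorter", "version": "0.9", "manifest_version": 3,
               "permissions": ["tabs"], "optional_permissions": ["management"]},
}

def audit_sample():
    return [f for f in (audit_manifest(i, m) for i, m in SAMPLE.items()) if f]
```

A hit is a lead for review rather than a verdict, since legitimate extension managers also request `management`.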
