108 Chrome extensions caught stealing user data and hijacking sessions
(socket.dev)
from beep@piefed.world to cybersecurity@infosec.pub on 17 Apr 11:04
https://piefed.world/c/cybersecurity/p/1044809/108-chrome-extensions-caught-stealing-user-data-and-hijacking-sessions
- 54 extensions steal Google account identity via OAuth2;
- 1 extension actively exfiltrates Telegram Web sessions every 15 seconds;
- 1 extension includes staged infrastructure for Telegram session theft (not yet activated);
- 2 extensions strip YouTube security headers and inject ads;
- 1 extension strips TikTok security headers and injects ads;
- 2 extensions inject content scripts into every page the user visits;
- 1 extension proxies all translation requests through the threat actor’s server;
- 45 extensions contain a universal backdoor that opens arbitrary URLs on browser start.