Tag: chrome extension

6 Attack Reports | 0 Vulnerabilities

Attack reports

The AI Frame Campaign Continues

A malicious Chrome extension impersonating Google's Authenticator application has been identified as part of an ongoing campaign active since early 2026. The extension requests excessive permissions and contains dormant infrastructure suggesting a staged deployment model where malicious updates can…
credential theft
chrome extension
two-factor authentication
browser security
iframe injection
2026-04-24
aiframe campaign
fraudulent paywall
Published: April 24, 2026
Downloadable IOCs: 1

Reflecting on AI in 2025: Faster Attacks, Same Old Tradecraft

In 2025, AI did not revolutionize cyber attacks as predicted. Instead, adversaries used AI to accelerate traditional tradecraft, focusing on speed and accessibility rather than new offensive capabilities. The article examines several case studies showcasing AI-generated scripts for credential theft…
credential theft
chrome extension
2026-01-12
ai-generated attacks
cybersecurity outlook
powershell scripts
tradecraft acceleration
Published: January 12, 2026
Downloadable IOCs: 6

Legitimate Chrome VPN Extension Turns to Browser Spyware

A popular Chrome VPN extension, FreeVPN.One, with over 100,000 installs has transformed into spyware. Initially legitimate, the extension began capturing screenshots of users' online activities and collecting sensitive information after an update in April 2025. The spyware operates covertly, automa…
spyware
vpn
data exfiltration
chrome extension
browser security
google web store
2025-08-19
screenshot capture
freevpn.one
user privacy
Published: August 19, 2025
Downloadable IOCs: 3

Cyberhaven Extension Compromise: TLS Certificates Reveal Hidden Infrastructure

A phishing attack targeting a Cyberhaven employee led to the compromise of their Google Chrome extension. The attacker published a malicious version on the Chrome Web Store, active for 24 hours, capable of exfiltrating cookies and session data. Analysis of IP addresses and domains revealed connecti…
phishing
chrome extension
domain spoofing
2025-01-10
certificate rotation
Published: January 10, 2025
Downloadable IOCs: 66

Cyberhaven’s preliminary analysis of the recent malicious Chrome extension

A phishing attack on December 24th, 2024 compromised a Cyberhaven employee's access to the Google Chrome Web Store, leading to the publication of a malicious version of their Chrome extension. This was part of a larger campaign targeting Chrome Extension developers, primarily aiming at Facebook Ads…
phishing
data exfiltration
chrome extension
command and control
2025-01-02
facebook ads
oauth
Published: January 2, 2025
Downloadable IOCs: 5

Kimsuky Deploys TRANSLATEXT Chrome Extension

In March 2024, the cybersecurity firm Zscaler observed a new activity from Kimsuky, a North Korean state-sponsored hacker group. They employed a malicious Google Chrome extension named 'TRANSLATEXT' specifically crafted to steal email addresses, usernames, passwords, cookies, and capture browser sc…
malware
north korea
cyber espionage
credential theft
2024-06-28
chrome extension
Published: June 28, 2024
Downloadable IOCs: 10
Click here to see more Attack Reports