Crypto M - Crypto News
Your #1 destination for the latest and most unbiased market news on Bitcoin, Ethereum, NFT, Fintech, Web3, DeFi, and Blockchain.
🚀 Cybersecurity Alert: Malicious Code Found in Popular Browser Extensions

According to PANews, a security alert was issued by AabyssTeam's founder on the X platform, revealing that Cyberhaven, a security company, fell victim to a phishing email attack. This breach led to the insertion of malicious code into their browser extension, aiming to access users' browser cookies and passwords. Further analysis uncovered that multiple browser extensions, including Proxy SwitchyOmega (V3), were compromised. These affected extensions, available on the Google Store, have impacted 500,000 users and are currently under scrutiny. SlowMist founder Yu Jian shared the alert, explaining that the attack utilized an OAuth2 attack chain. By obtaining the 'extension publishing rights' of the 'target browser extension' developers, attackers released updates with backdoors. These updates could be automatically triggered each time the browser is launched or the extension is reopened, making the backdoor difficult to detect.

#Cybersecurity #MaliciousCode #BrowserExtensions #PhishingAttack #OAuth2 #Cyberhaven #ProxySwitchyOmega #SecurityAlert #DataBreach #Backdoor
🚀 Antivirus Software May Misidentify Browser Extensions, Says SlowMist Founder

According to Foresight News, SlowMist founder Yu Jian has highlighted a potential issue with antivirus software misidentifying browser extensions. In a recent tweet, Yu explained that if an antivirus program mistakenly flags a browser extension, such as a wallet extension's JavaScript file, it typically isolates the file. This isolation can render the wallet extension inoperable. Yu advises users to restore the file from quarantine rather than deleting it. He further cautions against uninstalling the wallet extension, as there may still be a chance to recover files related to locally encrypted private keys.

#Antivirus #BrowserExtensions #SlowMist #YuJian #CyberSecurity #WalletExtension #Quarantine #DataRecovery #JavaScript
🚀 Understanding Extension Security Risks and Mitigation Strategies

According to Odaily, SlowMist's Cosine recently shared insights on the X platform regarding the potential risks associated with browser extensions. He highlighted that extensions could engage in malicious activities such as stealing cookies, accessing private data in localStorage, manipulating the DOM, hijacking requests, and capturing clipboard content. These actions can be controlled through permissions configured in the manifest.json file.

Cosine emphasized the importance of users being vigilant about the permissions requested by extensions. While it is challenging for an extension to directly target other extensions, such as well-known wallet extensions, due to sandbox isolation, users should still be cautious. Directly stealing sensitive information like private keys or mnemonic phrases from wallet extensions is unlikely.

To assess the risk of an extension's permissions, Cosine suggested a simple method: after installing an extension, users can refrain from using it initially, check the extension ID, locate the local path on their computer, and examine the manifest.json file. By analyzing this file, users can understand the permissions and potential risks involved.

For those concerned about the risks associated with unfamiliar extensions, Cosine recommended enabling a separate Chrome profile for such extensions. This approach allows for controlled usage, as most extensions do not need to be active continuously.


#ExtensionSecurity #Risks #MitigationStrategies #BrowserExtensions #MaliciousActivities #UserVigilance #Permissions #manifestjson #SensitiveInformation #ChromeProfile #ControlledUsage
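
The manifest check described in the post above can be scripted. The following is an added example, not code from SlowMist or the channel: it maps Chrome permission names to the risks the post lists. The function names and the sample manifest are constructed for illustration, and the `<Extensions dir>/<extension ID>/<version>/manifest.json` layout is an assumption about the local Chrome profile.

```python
import json
from pathlib import Path

# Permission -> risk, limited to the behaviours named in the post above.
RISKS = {
    "cookies": "can read cookies for the hosts it can access",
    "clipboardRead": "can capture clipboard content",
    "webRequest": "can observe network requests",
    "webRequestBlocking": "can intercept and modify requests (Manifest V2)",
    "declarativeNetRequest": "can block or redirect requests by rule",
    "scripting": "can inject scripts (DOM and page localStorage access)",
}
ALL_SITES = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def audit_manifest(manifest):
    """Return a list of findings for one parsed manifest.json."""
    findings, hosts = [], list(manifest.get("host_permissions", []))
    for perm in manifest.get("permissions", []):
        if not isinstance(perm, str):
            continue  # skip non-string entries rather than crash on them
        if perm in RISKS:
            findings.append(f"{perm}: {RISKS[perm]}")
        elif perm in ALL_SITES or "://" in perm:
            hosts.append(perm)  # Manifest V2 lists host patterns here
    for script in manifest.get("content_scripts", []):
        for pattern in script.get("matches", []):
            findings.append(f"content_script {pattern}: runs in page DOM")
            hosts.append(pattern)
    if any(h in ALL_SITES for h in hosts):
        findings.append("hosts: access applies to every site")
    return findings


def audit_extension(extensions_dir, extension_id):
    """Audit every installed version found under <extensions_dir>/<id>/."""
    results = {}
    for path in sorted(Path(extensions_dir, extension_id).glob("*/manifest.json")):
        manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        results[path.parent.name] = audit_manifest(manifest)
    return results

# Constructed sample manifest, not taken from any real extension.
SAMPLE = {
    "manifest_version": 3,
    "permissions": ["storage", "cookies", "clipboardRead"],
    "host_permissions": ["<all_urls>"],
    "content_scripts": [{"matches": ["https://*/*"], "js": ["cs.js"]}],
}
```

Call `audit_extension()` with the profile's Extensions directory and the extension ID shown on the browser's extensions page; an empty findings list means none of the listed permissions were declared, not that the extension is safe.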
🚀 Crypto Users Warned of Potential Risks from Browser Extensions

According to Odaily, cybersecurity firm SlowMist has issued a warning to cryptocurrency users about the potential risks associated with browser extensions. These extensions can be unknowingly sold to malicious actors, who may then hijack existing users' browsing traffic and redirect it to any desired location without any alerts or prompts. Unless new permissions are required, users may not notice any unusual activity. An investigation by @tuckner revealed that an extension with 400,000 users had changed ownership. Users are advised to remain vigilant.

#Crypto #Cybersecurity #BrowserExtensions #MaliciousActors #UserAwareness #SlowMist #Odaily #Tuckner #Risks
🚀 New WebAuthn Vulnerability Exposes Users to Credential Theft

According to PANews, a new type of attack has been identified that can bypass WebAuthn key-based login systems. The discovery was made by 23pds, Chief Information Security Officer at SlowMist Technology, who shared the findings on the X platform. This attack allows perpetrators to hijack the WebAuthn API through malicious browser extensions or by exploiting XSS vulnerabilities on websites. Consequently, attackers can force a downgrade to password login or manipulate the key registration process to steal user credentials.

This vulnerability does not require access to the victim's device or Face ID. Users logging in with keys on compromised websites or those with malicious extensions may face identity impersonation, leading to account breaches.

WebAuthn, or Web Authentication, is a web standard developed by the W3C and FIDO Alliance. It aims to provide secure authentication through public key cryptography, either as a replacement or supplement to traditional passwords. Users can log in using hardware security keys like YubiKey, built-in platform authenticators such as Windows Hello, Touch ID, Android biometrics, or devices compliant with the FIDO2 standard.


#WebAuthn #CredentialTheft #XSS #BrowserExtensions #PasswordDowngrade #FIDO2 #W3C #YubiKey #WindowsHello #TouchID #AndroidBiometrics #WebAuthentication #SecurityVulnerability