FlagThis

Palo Alto, USA, March 29th, 2025, CyberNewsWire -- SquareX has disclosed a browser-native ransomware that poses a significant risk to millions. Unlike traditional ransomware, this new threat doesn't require file downloads, rendering it undetectable by conventional endpoint security solutions like antivirus software. Instead, it targets the victim’s digital identity, exploiting the shift toward cloud-based enterprise storage and the use of browser-based authentication for accessing these resources.

This browser-native ransomware leverages AI agents to automate most of the attack sequence, minimizing the need for social engineering and attacker intervention. One potential scenario involves tricking a user into granting a fake productivity tool access to their email. The tool then identifies SaaS applications the user is registered with and systematically resets the passwords using AI agents, locking the user out and holding enterprise data hostage. SquareX's founder, Vivek Ramachandran, cautions that the ingredients for such attacks are already being seen in browser-based identity attacks, making it only a matter of time before a sophisticated attacker combines them effectively.

ImgSrc: hackread.com

References :

• gbhackers.com: SquareX Discloses Browser-Native Ransomware that Puts Millions at Risk
• hackread.com: Palo Alto, USA, 29th March 2025, CyberNewsWire
• The Last Watchdog: News alert: SquareX discloses nasty browser-native ransomware that’s undetectable by antivirus
• NextBigFuture.com: Palo Alto, USA, 29th March 2025, CyberNewsWire

Classification:

• HashTags: #Ransomware #BrowserSecurity #SquareX
• Company: SquareX
• Target: Internet Users
• Product: SquareX
• Feature: Browser-Native
• Malware: Browser-Native Ransomware
• Type: Ransomware
• Severity: Major