CyberSecurity news
FlagThis - #browsers
|
cybernewswire@The Last Watchdog
//
Palo Alto, USA, March 29, 2025 - SquareX has disclosed a new form of ransomware that operates natively within web browsers and is undetectable by traditional antivirus software. This browser-native ransomware poses a significant threat to enterprises, potentially putting millions at risk. The disclosure comes as ransomware continues to be a major cybersecurity concern, with Chainalysis estimating that corporations spend nearly $1 billion annually on ransom payments alone. The true cost, however, is often much higher due to reputational damage and operational disruption.
SquareX's research highlights that unlike traditional ransomware, this new variant does not require victims to download and install malicious files. Instead, it targets the user's digital identity, exploiting the increasing reliance on cloud-based enterprise storage and browser-based authentication. SquareX founder, Vivek Ramachandran, warns that the rise in browser-based identity attacks indicates that the "ingredients" for browser-native ransomware are already being used by adversaries. He emphasizes the need for browser-native solutions to combat this emerging threat, as traditional endpoint security measures are ineffective against these attacks.
Share:
References :
Classification:
@www.bleepingcomputer.com
//
The North Korean hacking group Kimsuky has been observed in recent attacks employing a custom-built RDP Wrapper and proxy tools to directly access infected machines. A new report by AhnLab's ASEC team details additional malware used by Kimsuky in these attacks, highlighting the group's intensified use of modified tools for unauthorized system access. This cyber espionage campaign begins with spear-phishing tactics, distributing malicious shortcut files disguised as legitimate documents to initiate the infection chain.
These files, often disguised as PDFs or Office documents, execute commands via PowerShell or Mshta to download malware such as PebbleDash and the custom RDP Wrapper, enabling remote control of compromised systems. Kimsuky's custom RDP Wrapper, a modified version of an open-source utility, includes export functions designed to evade detection by security software, facilitating stealthy remote access. In environments where direct RDP access is restricted, Kimsuky deploys proxy malware to bypass network barriers, maintaining persistent access and employing keyloggers and information-stealing malware to exfiltrate sensitive data.
Share:
References :
Classification:
@ciso2ciso.com
//
SquareX has revealed a new attack method called "Browser Syncjacking" which exploits browser synchronization features to give attackers full control over a user's browser and device. This technique uses malicious browser extensions to hijack a user's browser by silently adding a profile managed by the attacker, essentially granting them complete access and control of the system. The attack starts when a user installs a seemingly innocuous extension, which could be disguised as an AI tool or even a popular extension already with millions of users.
The malicious extension then automatically authenticates the victim into a Chrome profile controlled by the attacker's Google Workspace. This method does not require any additional permissions from the user above read/write capabilities that most browser extensions already request. Experts from SquareX demonstrated how this enables attackers to escalate privileges and conduct a total browser and device takeover with minimal user interaction. This discovery suggests that any browser extension could be a potential attack vector as these extensions are not put through additional security scrutiny.
Share:
References :
Classification:
|