CyberSecurity news

FlagThis - #browsersecurity

cybernewswire@The Last Watchdog //
Palo Alto, USA, March 29, 2025 - SquareX has disclosed a new form of ransomware that operates natively within web browsers and is undetectable by traditional antivirus software. This browser-native ransomware poses a significant threat to enterprises, potentially putting millions at risk. The disclosure comes as ransomware continues to be a major cybersecurity concern, with Chainalysis estimating that corporations spend nearly $1 billion annually on ransom payments alone. The true cost, however, is often much higher due to reputational damage and operational disruption.

SquareX's research highlights that, unlike traditional ransomware, this new variant does not require victims to download and install malicious files. Instead, it targets the user's digital identity, exploiting the growing reliance on cloud-based enterprise storage and browser-based authentication. SquareX founder Vivek Ramachandran warns that the rise in browser-based identity attacks indicates that the "ingredients" for browser-native ransomware are already being used by adversaries. He emphasizes the need for browser-native solutions to combat this emerging threat, as traditional endpoint security measures are ineffective against these attacks.



References :
  • gbhackers.com: SquareX Discloses Browser-Native Ransomware that Puts Millions at Risk
  • hackread.com: SquareX Discloses Browser-Native Ransomware that Puts Millions at Risk
  • The Last Watchdog: News alert: SquareX discloses nasty browser-native ransomware that’s undetectable by antivirus
  • NextBigFuture.com: Palo Alto, USA, 29th March 2025, CyberNewsWire
  • thehackernews.com: SquareX Discloses Browser-Native Ransomware that Puts Millions at Risk
  • Daily CyberSecurity: SquareX Discloses Browser-Native Ransomware that Puts Millions at Risk
  • hackernoon.com: Ransomware attacks typically involve tricking victims into downloading and installing the ransomware, which copies, encrypts, and/or deletes critical data on the device, only to be restored upon the ransom payment.
  • Cyber Security News: SquareX Discloses Browser-Native Ransomware that Puts Millions at Risk
  • gbhackers.com: SquareX Discloses Browser-Native Ransomware that Puts Millions at Risk
  • ciso2ciso.com: SquareX Discloses Browser-Native Ransomware that Puts Millions at Risk
  • ciso2ciso.com: News alert: SquareX discloses nasty browser-native ransomware that’s undetectable by antivirus – Source: www.lastwatchdog.com
  • securityboulevard.com: News alert: SquareX discloses nasty browser-native ransomware that’s undetectable by antivirus
  • www.scworld.com: Significant enterprise data compromise could be facilitated by browser-native ransomware attacks, which set sights on users' digital identities and exploit the increasing adoption of cloud-based enterprise storage instead of depending on the execution of malicious files, SiliconAngle reports.
Classification:
  • HashTags: #Ransomware #BrowserNative #SquareX
  • Company: SquareX
  • Target: Enterprises
  • Product: SquareX
  • Feature: undetectable
  • Malware: Browser-native ransomware
  • Type: Ransomware
  • Severity: Major
Aman Mishra@gbhackers.com //
A recent cybersecurity investigation has uncovered a cluster of 16 malicious Chrome extensions that have compromised at least 3.2 million users. These extensions, which offer functionality such as screen capture, ad blocking, and emoji keyboards, were found to inject code into browsers, facilitating advertising and search engine optimization fraud. GitLab's security team discovered these extensions on the official Google Web Store, where they were being used to insert ads and manipulate search engine results.

The malicious extensions operate by checking in with unique configuration servers, transmitting their extension version and a hardcoded ID, and storing the returned configuration data locally. They also create alarms to refresh this data periodically, and they degrade browser security by stripping Content Security Policy (CSP) protections. Following the discovery, Google was notified, and all identified extensions have been removed from the Chrome Web Store. However, users must manually uninstall these extensions, as removal from the store does not trigger an automatic uninstall.



References :
  • bsky.app: GitLab's security team has discovered a cluster of 16 malicious Chrome extensions on the official Google Web Store. The extensions were used to insert ads and manipulate search engine results. Over 3.2 million users downloaded the extensions
  • gbhackers.com: A recent cybersecurity investigation has uncovered a cluster of 16 malicious Chrome extensions that have compromised at least 3.2 million users. These extensions, which include functionalities like screen capture, ad blocking, and emoji keyboards, were found to inject code into browsers, facilitating advertising and search engine optimization fraud.
  • Cyber Security News: Chrome Under Siege: 16 Malicious Extensions Infect Over 3.2 Million Users
  • thecyberexpress.com: Remove These Extensions Now! Hackers Hijack Google Chrome Add-ons for Fraud
@ciso2ciso.com //
SquareX has revealed a new attack method called "Browser Syncjacking", which exploits browser synchronization features to give attackers full control over a user's browser and device. This technique uses malicious browser extensions to hijack a user's browser by silently adding a profile managed by the attacker, effectively granting them complete access to and control of the system. The attack starts when a user installs a seemingly innocuous extension, which could be disguised as an AI tool or even as a popular extension that already has millions of users.

The malicious extension then automatically authenticates the victim into a Chrome profile controlled by the attacker's Google Workspace. This method does not require any permissions from the user beyond the read/write capabilities that most browser extensions already request. Experts from SquareX demonstrated how this enables attackers to escalate privileges and conduct a total browser and device takeover with minimal user interaction. This discovery suggests that any browser extension could be a potential attack vector, as these extensions are not put through additional security scrutiny.



References :
  • ciso2ciso.com: SquareX Discloses "Browser Syncjacking", a New Attack Technique that Provides Full Browser and Device Control, Putting Millions at Risk – Source:hackread.com
  • Pyrzout :vm:: SquareX Discloses "Browser Syncjacking", a New Attack Technique that Provides Full Browser and Device Control, Putting Millions at Risk – Source:hackread.com
  • hackread.com: SquareX Unveils "Browser Syncjacking" Attack Granting Full Browser and Device Control
  • ciso2ciso.com: News alert: SquareX discloses ‘Browser Syncjacking’ – a new attack to hijack browser – Source: www.lastwatchdog.com