- Researchers find that a malicious browser extension can take on the appearance of any other extension installed in the browser
- It can also disable the extension it is impersonating, completely deceiving the victim
- The extension can steal passwords, cryptocurrency and more
Cybersecurity researchers have found Google Chrome browser extensions that are polymorphic in nature, able to change their appearance to mimic almost anything else installed on the target device, opening the door to identity theft, cryptocurrency theft and perhaps even wire fraud.
SquareX researchers said they identified a malicious browser extension that looks benign at first. It can pose as an "unassuming AI tool", or almost anything else. After installation it behaves as advertised, at least for a while, and in the meantime works out which other extensions are installed in the browser.
If it spots something of particular interest (a cryptocurrency wallet, for example), the extension completely transforms its appearance, including its interface, its toolbar icon and everything else, to match that target. It then disables the legitimate extension, so that it is the only one offering that functionality, which makes it almost impossible for the victim to realize they are being targeted.
Feature, not a bug
To make matters worse, the researchers said the malware simply abuses the way browsers and extensions are designed.
No bug or vulnerability is exploited, which means that security solutions, antivirus programs and other endpoint protection tools have nothing to flag or remove. It gets worse: the extension only needs medium-risk permissions, the same ones required by password managers and similar tools, so the malware cannot be singled out by the Chrome Web Store or other security teams simply by looking at its code.
They call these "polymorphic extensions" and believe they represent a whole new class of malware. They said the technique affects "most major browsers, including Chrome and Edge".
"Browser extensions present a major risk for companies and users today," commented Vivek Ramachandran, founder of SquareX.
"Unfortunately, most organizations have no way to audit their current extension footprint and check whether they are malicious. This also underlines the need for a browser-native security solution such as browser detection and response, similar to what an EDR is for the operating system."
Google has been informed, but has not yet responded.
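The article does not say which browser API the polymorphic extension uses to enumerate and disable its neighbours, and Ramachandran's point is that most organizations cannot even audit the extensions they have. The following is an added example, not code from the article or from SquareX: an offline audit of extension manifests that flags the one capability such an extension has to hold. It assumes (and this is an assumption of the example, not a finding of the researchers) that disabling another extension goes through Chrome's documented management API, which is gated by the "management" permission; an extension can declare that permission up front or list it under optional_permissions and request it later, after it has behaved well for a while, so both are checked. The sample manifests, extension IDs and names are constructed for the example.

```javascript
// Added example (not from the article or SquareX). Flags installed extensions
// that hold, or can later request, Chrome's "management" permission, which is
// the documented gate for chrome.management.getAll() (enumerate other
// extensions) and chrome.management.setEnabled() (disable one of them).
// ASSUMPTION: the polymorphic extension described in the article relies on
// that API; the article itself does not name it.

// Constructed sample input, shaped like the manifest.json files found under a
// Chrome profile's Extensions/<id>/<version>/ directory. IDs and names are made up.
const SAMPLE_MANIFESTS = [
  { id: "aaaaaaaa", manifest: { name: "PassVault", permissions: ["storage", "tabs"] } },
  { id: "bbbbbbbb", manifest: { name: "CoinWallet", permissions: ["storage", "alarms"] } },
  // Looks harmless at install time; can ask for "management" later.
  { id: "cccccccc", manifest: { name: "Helpful AI Tool", permissions: ["storage"],
                                optional_permissions: ["management"] } },
  { id: "dddddddd", manifest: { name: "Tab Tidy", permissions: ["management", "tabs"] } },
];

// Returns one finding per extension that can reach the management API.
// Entries without the permission are silently accepted.
function auditManifests(entries) {
  const findings = [];
  for (const { id, manifest } of entries) {
    const declared = Array.isArray(manifest.permissions) ? manifest.permissions : [];
    const optional = Array.isArray(manifest.optional_permissions) ? manifest.optional_permissions : [];
    // Localized names appear as "__MSG_key__" in the manifest; keep them as-is
    // rather than resolving _locales here.
    const name = typeof manifest.name === "string" ? manifest.name : "(unnamed)";
    if (declared.includes("management")) {
      findings.push({ id, name, reason: "declares the management permission" });
    } else if (optional.includes("management")) {
      findings.push({ id, name, reason: "can request the management permission at runtime" });
    }
  }
  return findings;
}

// Reads every manifest.json below a profile's Extensions directory into the
// same {id, manifest} shape as SAMPLE_MANIFESTS. Requires are done lazily so
// the pure audit above runs without touching the filesystem.
function loadProfileManifests(extensionsDir) {
  const fs = require("fs");
  const path = require("path");
  const entries = [];
  for (const id of fs.readdirSync(extensionsDir)) {
    const idDir = path.join(extensionsDir, id);
    if (!fs.statSync(idDir).isDirectory()) continue;
    for (const version of fs.readdirSync(idDir)) {
      const manifestPath = path.join(idDir, version, "manifest.json");
      if (!fs.existsSync(manifestPath)) continue;
      try {
        entries.push({ id, manifest: JSON.parse(fs.readFileSync(manifestPath, "utf8")) });
      } catch (err) {
        // A manifest that does not parse is itself worth a look; report, do not abort.
        entries.push({ id, manifest: { name: `(unreadable: ${err.message})` } });
      }
    }
  }
  return entries;
}

// Stand-alone run over the constructed sample set.
for (const f of auditManifests(SAMPLE_MANIFESTS)) {
  console.log(`${f.id}  ${f.name}: ${f.reason}`);
}
```

To run it against a real profile, call `auditManifests(loadProfileManifests("<profile>/Extensions"))`, where the profile path depends on the operating system and browser. Two caveats: the check is a signal, not a verdict, since legitimate extension managers also hold "management"; and it says nothing about the appearance change itself, because swapping an extension's icon, title and popup needs no special permission at all, which is the article's central point.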