Browser Extension
Credential-stealing Chrome extensions target enterprise HR platforms
Malicious Chrome extensions on the Chrome Web Store masquerading as productivity and security tools for enterprise HR and ERP platforms were discovered stealing authentication credentials or blocking management pages used to respond to security incidents. The campaign was discovered by cybersecurity firm Socket, which says it identified five Chrome extensions targeting Workday, NetSuite, and SAP […]
Malicious GhostPoster browser extensions found with 840,000 installs
Another set of 17 malicious extensions linked to the GhostPoster campaign has been discovered in Chrome, Firefox, and Edge stores, where they accumulated a total of 840,000 installations. The GhostPoster campaign was first reported by Koi Security researchers in December. They found 17 extensions that were hiding malicious JavaScript code in their logo images, which monitored browser activity and planted […]
Zoom Stealer browser extensions harvest corporate meeting intelligence
A newly discovered campaign, which researchers call Zoom Stealer, is affecting 2.2 million Chrome, Firefox, and Microsoft Edge users through 18 extensions that collect online meeting-related data like URLs, IDs, topics, descriptions, and embedded passwords. Zoom Stealer is one of three browser extension campaigns that reached more than 7.8 million users over seven years and […]
Trust Wallet says 2,596 wallets drained in $7 million crypto theft attack
Trust Wallet says attackers who compromised its browser extension right before Christmas have drained approximately $7 million from nearly 3,000 cryptocurrency wallet addresses. The cryptocurrency wallet (used by over 200 million people according to its official website) allows users to store, send, receive, and manage Bitcoin, Ethereum, Solana, and thousands of other cryptocurrencies and digital […]
GhostPoster attacks hide malicious JavaScript in Firefox addon logos
A new campaign dubbed ‘GhostPoster’ is hiding JavaScript code in the image logo of malicious Firefox extensions with more than 50,000 downloads, to monitor browser activity and plant a backdoor. The malicious code grants operators persistent high-privilege access to the browser, enabling them to hijack affiliate links, inject tracking code, and commit click and ad fraud. […]
ShadyPanda browser extensions amass 4.3M installs in malicious campaign
A long-running malware operation known as “ShadyPanda” has amassed over 4.3 million installations of seemingly legitimate Chrome and Edge browser extensions that evolved into malware. The operation, discovered by Koi Security, unfolded in distinct phases that gradually introduced additional malicious functionality, turning the browser extension from a legitimate tool into spyware. The ShadyPanda campaign consists […]
Mozilla: New Firefox extensions must disclose data collection practices
Starting next month, Mozilla will require Firefox extension developers to disclose whether their add-ons collect or share user data with third parties. The devs will be required to disclose any new extension’s data practices in the manifest.json file using a dedicated browser_specific_settings.gecko.data_collection_permissions key beginning November 3, 2025. Mozilla will also require all extension developers to […]
Microsoft Edge to block malicious sideloaded extensions
Microsoft is planning to introduce a new Edge security feature that will protect users against malicious extensions sideloaded into the web browser. Edge enables developers to install extensions locally (also known as sideloading) for testing purposes before publishing them to the Microsoft Edge Add-ons store by toggling the “Developer Mode” option on the Extensions management page and clicking the […]
Mozilla now lets Firefox add-on devs roll back bad updates
Mozilla has announced a new feature that enables Firefox extension developers to roll back to previously approved versions, allowing them to quickly address critical bugs and issues. Once the latest extension version is reverted, users will no longer be able to install it. If automatic updates are enabled, the web browser will also automatically revert […]
Major password managers can leak logins in clickjacking attacks
Six major password managers with tens of millions of users are currently vulnerable to unpatched clickjacking flaws that could allow attackers to steal account credentials, 2FA codes, and credit card details. Threat actors could exploit the security issues when victims visit a malicious page or websites vulnerable to cross-site scripting (XSS) or cache poisoning, where attackers […]