Security News > 2021 > February > Fake Forcepoint Google Chrome Extension Hacks Windows Users
Cybercriminals have been using a novel approach to exfiltrate data that involves directly injecting malicious Google Chrome extensions onto victims' Windows machines via the abuse of Google's cloud synching function.
The malicious add-on is disguised as a "Forcepoint Endpoint Chrome Extension for Windows," with the attackers using the security company's logo to enhance an air of legitimacy.
The threat actors "dropped the extension locally in a folder and loaded it directly from Chrome on a compromised workstation," explained Zdrnja in an analysis late last week.
Next, a permissions parameter in the extension's manifest specifies that the extension can use the storage API. And finally, the background parameter specifies the JavaScript files that will run when the extension is loaded.
The authors of the malicious Forcepoint add-on were able to steal information from users' internal extensions thanks to setting up a behind-the-scenes "chat" between the malicious extension and other web apps.
The extension also uses the "chrome.storage.sync.get" and "chrome.storage.sync.save" methods, so that all these values will be automatically synced to Google's cloud by Chrome, under the context of the user being logged in to Chrome.
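The traits described above (a locally loaded folder, the storage permission, background scripts and use of the synced storage area) can be checked during endpoint triage. The following is an added example, not code from the original analysis or from Forcepoint; the function name triageExtension, the finding labels and both sample manifests are constructed for illustration, and treating a missing update_url as a sign of an unpacked extension is an assumption.

```javascript
// Triage one extension from its parsed manifest and a map of file name -> source.
function triageExtension(manifest, files = {}, watchedBrands = []) {
  const findings = [];
  const perms = Array.isArray(manifest.permissions) ? manifest.permissions : [];
  const bg = manifest.background || {};
  // Manifest V2 lists background.scripts; Manifest V3 names one service_worker.
  const bgFiles = Array.isArray(bg.scripts) ? bg.scripts
    : typeof bg.service_worker === 'string' ? [bg.service_worker] : [];

  const hasStorage = perms.includes('storage');
  if (hasStorage) findings.push('permission:storage');
  if (bgFiles.length > 0) findings.push('background:' + bgFiles.join(','));

  // Heuristic (assumption): Web Store installs carry update_url in the
  // manifest, so its absence suggests the folder was loaded unpacked.
  const unpacked = typeof manifest.update_url !== 'string';
  if (unpacked) findings.push('no-update_url');

  // Background code touching the synced storage area, which Chrome
  // replicates to the signed-in Google account.
  const usesSync = bgFiles.some(f => /chrome\.storage\.sync\b/.test(files[f] || ''));
  if (usesSync) findings.push('uses:chrome.storage.sync');

  // A vendor name on an extension that did not come from the store.
  const name = String(manifest.name || '').toLowerCase();
  const brand = watchedBrands.find(b => name.includes(b.toLowerCase()));
  if (brand && unpacked) findings.push('brand-on-unpacked:' + brand);

  // The storage permission alone is common; escalate only on the combination.
  return { review: unpacked && hasStorage && usesSync, findings };
}

// Constructed samples (not the real extension's files).
const SAMPLE_SUSPECT = {
  manifest: { manifest_version: 2, version: '1.0',
    name: 'Forcepoint Endpoint Chrome Extension for Windows',
    permissions: ['storage'], background: { scripts: ['bg.js'] } },
  files: { 'bg.js': 'chrome.storage.sync.get(null, function (items) {});' },
};
const SAMPLE_BENIGN = {
  manifest: { manifest_version: 3, version: '2.4', name: 'Tab Theme Switcher',
    update_url: 'https://clients2.google.com/service/update2/crx',
    permissions: ['storage'], background: { service_worker: 'sw.js' } },
  files: { 'sw.js': 'chrome.storage.local.get(["theme"], () => {});' },
};
console.log(triageExtension(SAMPLE_SUSPECT.manifest, SAMPLE_SUSPECT.files, ['Forcepoint']));
```

A result with review set to true is a prompt to inspect the extension folder and the account's synced data, not a verdict on its own.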
News URL
https://threatpost.com/fake-forcepoint-google-chrome-extension-hacks/163728/