Security News > 2025 > March > Researchers Expose New Polymorphic Attack That Clones Browser Extensions to Steal Credentials

2025-03-10 14:47
Cybersecurity researchers have demonstrated a novel technique that allows a malicious web browser extension to impersonate any installed add-on. "The polymorphic extensions create a pixel perfect replica of the target's icon, HTML popup, workflows and even temporarily disables the legitimate extension, making it extremely convincing for victims to believe that they are providing credentials to
News URL
https://thehackernews.com/2025/03/researchers-expose-new-polymorphic.html
Related news
- Browser-in-the-Browser attacks target CS2 players' Steam accounts (source)
- Australian pension funds hit by wave of credential stuffing attacks (source)
- Browser extensions make nearly every employee a potential attack vector (source)
- CVE-2025-24054 Under Active Attack—Steals NTLM Credentials on File Download (source)
- Three Reasons Why the Browser is Best for Stopping Phishing Attacks (source)
- Researchers Demonstrate How MCP Prompt Injection Can Be Used for Both Attack and Defense (source)