Nathan
SF VIP
- Location
- High Desert- Calif.
"Attackers can abuse this man-in-the-middle capability at any moment. They can redirect users to download the “critical Zoom update” when they receive a Zoom meeting invitation, or to a pixel-perfect replica of their bank’s login page to steal credentials.
Each extension operated with separate domains, giving the appearance of separate developers behind them. However, they shared the same centralized attack infrastructure.
Koi Security researchers urge the immediate deletion of the following extensions from Chrome and Edge.
Chrome:
Edge:
Researchers suggest that users review all installed extensions and remove unwanted add-ons. Look for similar suspicious behaviour – a previously trusted extension can change hands and turn malicious with a single update.
While the malicious extensions seem to have been removed from stores, some of the attacker-controlled domains listed among the indicators of compromise in the report are still active and advertising malicious tools."
https://cybernews.com/security/chro...medium=social&campaign=cybernews&content=post
Each extension operated with separate domains, giving the appearance of separate developers behind them. However, they shared the same centralized attack infrastructure.
Koi Security researchers urge the immediate deletion of the following extensions from Chrome and Edge.
Chrome:
- Emoji keyboard online – copy&paste your emoji
- Free Weather Forecast
- Video Speed Controller – Video Manager
- Unlock Discord – VPN Proxy to Unblock Discord Anywhere
- Dark Theme – Dark Reader for Chrome
- Volume Max – Ultimate Sound Booster
- Unblock TikTok – Seamless Access with One-Click Proxy
- Unlock YouTube VPN
- Color Picker, Eyedropper – Geco colorpick
- Weather
Edge:
- Unlock TikTok
- Volume Booster – Increase your sound
- Web Sound Equalizer
- Header Value
- Flash Player – games emulator
- Youtube Unblocked
- SearchGPT – ChatGPT for Search Engine
- Unlock Discord
Researchers suggest that users review all installed extensions and remove unwanted add-ons. Look for similar suspicious behaviour – a previously trusted extension can change hands and turn malicious with a single update.
While the malicious extensions seem to have been removed from stores, some of the attacker-controlled domains listed among the indicators of compromise in the report are still active and advertising malicious tools."
https://cybernews.com/security/chro...medium=social&campaign=cybernews&content=post