Attackers are doubling down on malicious browser extensions as their technique of selection. Latest campaigns like ShadyPanda, ZoomStealer, GhostPoster, and the breaches impacting distributors like Cyberhaven and Belief Pockets, all spotlight the menace posed by malicious extensions.
Most malicious extensions didn’t begin that manner. Attackers take over reliable extensions and push malicious updates that steal information, intercept cookies and tokens, log keystrokes, and extra. They bide their time for optimum impression, pulling the set off on the proper second to contaminate thousands and thousands of browsers without delay.
However security safeguards applied on the extension retailer degree aren’t catching malicious updates. Attackers are utilizing dynamically compiled, stealthily smuggled code that can’t be reliably noticed by way of static code checks or sandbox evaluation.
Fortunately, with the best instruments and method, organizations can take sensible steps to carry the danger posed by malicious extension assaults to nearly zero.
Be part of Push Safety Discipline CTO Mark Orlando on the eleventh March for a teardown of malicious browser extension performance. You’ll study:
Cannot make it dwell? Register anyway and get a replica of the recording despatched to your inbox.
