Subj : Malicious "polymorphic" Chrome extensions can mimic other tools t
To : All
From : TechnologyDaily
Date : Fri Mar 07 2025 13:15:08

Malicious "polymorphic" Chrome extensions can mimic other tools to trick victims

Date: Fri, 07 Mar 2025 13:13:00 +0000

Description: A malicious browser extension can assume the appearance of another one, and disable it at the same time, experts warn.

FULL STORY
======================================================================

- Researchers find malicious browser extensions can assume the appearance of any other installed in the browser
- It can also disable other extensions, completely tricking the victim
- The extension can steal sensitive passwords, cryptos, and more

Cybersecurity researchers have found malicious shapeshifting Google Chrome browser extensions in the wild, able to change their appearance to pretty much anything else installed on the target device, opening the doors for credential theft, cryptocurrency theft, and possibly even wire fraud.

Researchers from SquareX said they spotted a malicious browser extension which, at first, seems benign. It can be an unassuming AI tool, or pretty much anything else. When it's first installed, it will behave as expected, for at least a while, while it analyzes which other extensions are installed in the browser.

If it spots anything particularly interesting (such as a crypto wallet, for example), the extension will completely transform its appearance, including the interface, the shortcut icon, and everything else, to look exactly the same as the legitimate extension. It will then disable the legitimate extension, so that it is the only one offering that particular functionality - meaning it is almost impossible for the victim to realize they are being targeted.

Feature, not a bug

To make matters worse, the researchers said that the malware just abuses the design of browsers and extensions.
There is no bug, no vulnerability being exploited, meaning that cybersecurity solutions, antivirus programs, and other endpoint protection tools cannot flag it or remove it.

It gets worse, too - the extensions only require medium risk permissions, the same ones required by password managers and similar tools. Therefore, the malware cannot even be spotted by Chrome Store and other security teams simply looking at the code.

They are calling them "polymorphic extensions" and believe they are an entirely new class of malware. They said the malware impacts most major browsers, including Chrome and Edge.

"Browser extensions present a major risk to enterprises and users today," commented SquareX founder, Vivek Ramachandran. "Unfortunately, most organizations have no way of auditing their current extension footprint and to check whether they are malicious. This further underscores the need for a browser native security solution like Browser Detection and Response, similar to what an EDR is to the operating system."

Google has been notified, but has yet to respond.

======================================================================
Link to news story:
https://www.techradar.com/pro/security/malicious-polymorphic-chrome-extensions-can-mimic-other-tools-to-trick-victims

--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)