Common Information
Value: Browser Extensions - T1176
Category: Attack-Pattern
Type: Mitre-Enterprise-Attack-Attack-Pattern
MISP Type: Cluster
Description: Browser extensions or plugins are small programs that add functionality to and customize aspects of internet browsers. They can be installed directly or through a browser's app store. Extensions generally have access and permissions to everything that the browser can access. (Citation: Wikipedia Browser Extension) (Citation: Chrome Extensions Definition) Malicious extensions can be installed into a browser through malicious app store downloads masquerading as legitimate extensions, through social engineering, or by an adversary that has already compromised a system. Security review on browser app stores can be limited, so it may not be difficult for malicious extensions to defeat automated scanners and be uploaded. (Citation: Malicious Chrome Extension Numbers) Once the extension is installed, it can browse to websites in the background, (Citation: Chrome Extension Crypto Miner) (Citation: ICEBRG Chrome Extensions) steal all information that a user enters into the browser, including credentials, (Citation: Banker Google Chrome Extension Steals Creds) (Citation: Catch All Chrome Extension) and be used as an installer for a RAT for persistence. There have been instances of botnets using a persistent backdoor through malicious Chrome extensions. (Citation: Stantinko Botnet) There have also been similar examples of extensions being used for command and control. (Citation: Chrome Extension C2 Malware)

Detection: Inventory and monitor browser extension installations that deviate from normal, expected, and benign extensions. Process and network monitoring can be used to detect browsers communicating with a C2 server; however, this may prove a difficult way of initially detecting a malicious extension, depending on the nature and volume of the traffic it generates. Monitor for new items written to the Registry or PE files written to disk, which may correlate with browser extension installation.
Platforms: Linux, macOS, Windows
Data Sources: Network protocol analysis, Packet capture, System calls, Process use of network, Process monitoring, Browser extensions
Permissions Required: User
Contributors: Justin Warner, ICEBRG
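The detection guidance above (inventory installed extensions and flag those that deviate from the expected set) can be automated over the manifest.json files found in a browser profile. The following Python example is added here and is not part of the MITRE or MISP page; the manifests, keys and allowlist are constructed for the demo, and the set of "high-risk" permissions is an assumed risk model, not an official list. It also derives the Chrome extension ID from the manifest's "key" field the way Chrome does (SHA-256 of the DER public key, first 16 bytes, hex digits mapped a-p), so an allowlist of IDs can be checked without trusting the extension's self-reported name.

```python
import base64
import hashlib
import json

# Permissions that let an extension read or alter everything the browser sees.
# Assumption: this is the reviewer's risk model for triage, not an official list.
HIGH_RISK_PERMISSIONS = {
    "<all_urls>", "webRequest", "webRequestBlocking", "cookies",
    "nativeMessaging", "debugger", "proxy",
}


def chrome_extension_id(key_b64: str) -> str:
    """Derive the 32-char extension ID from the base64 DER public key in manifest.json.

    Chrome hashes the DER key with SHA-256, keeps the first 16 bytes, and maps each
    hex digit 0-9a-f onto the letters a-p."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).hexdigest()[:32]
    return "".join(chr(ord("a") + int(c, 16)) for c in digest)


def assess_extension(manifest_json: str, allowlist: set) -> dict:
    """Return the extension's ID, name and a list of findings (empty means benign)."""
    manifest = json.loads(manifest_json)
    ext_id = chrome_extension_id(manifest["key"]) if "key" in manifest else None
    # MV2 lists host patterns under "permissions"; MV3 moves them to "host_permissions".
    perms = set(manifest.get("permissions", [])) | set(manifest.get("host_permissions", []))
    findings = []
    if ext_id not in allowlist:
        findings.append("not in allowlist" if ext_id else "not in allowlist (no key in manifest)")
    risky = sorted(perms & HIGH_RISK_PERMISSIONS)
    if risky:
        findings.append("high-risk permissions: " + ", ".join(risky))
    return {"id": ext_id, "name": manifest.get("name"), "findings": findings}


def inventory(manifests: list, allowlist: set) -> list:
    """Assess every manifest and return only the ones that produced findings."""
    return [r for r in (assess_extension(m, allowlist) for m in manifests) if r["findings"]]


# Constructed sample data: the "keys" are arbitrary bytes, not real DER public keys.
GOOD_KEY = base64.b64encode(b"constructed-key-for-the-approved-password-manager").decode()
ROGUE_KEY = base64.b64encode(b"constructed-key-for-an-unexpected-vpn-helper").decode()
ALLOWLIST = {chrome_extension_id(GOOD_KEY)}  # IDs the organisation expects to see
SAMPLE_MANIFESTS = [
    json.dumps({"manifest_version": 3, "name": "Approved Password Manager", "key": GOOD_KEY,
                "permissions": ["storage", "activeTab"]}),
    json.dumps({"manifest_version": 3, "name": "Free VPN Helper", "key": ROGUE_KEY,
                "permissions": ["cookies", "webRequest", "storage"],
                "host_permissions": ["<all_urls>"]}),
]

if __name__ == "__main__":
    for hit in inventory(SAMPLE_MANIFESTS, ALLOWLIST):
        print(hit["id"], hit["name"], "->", "; ".join(hit["findings"]))
```

Pointing `inventory` at real manifests means reading each `<profile>/Extensions/<id>/<version>/manifest.json` and comparing the derived ID with the directory name as well.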
Related reports (Type, Published, Attributes, CTI Title):
Website  2025-05-24  8    Crypto Drainers are Targeting Cryptocurrency Users
Website  2025-05-23  1    Cybersecurity Snapshot: AI Data Security Best Practices Released, While New Framework Seeks To Help IT Pros Gain Cyber Skills | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware - National Cyber Security Consulting
Website  2025-05-23  12   Crypto Drainers are Targeting Cryptocurrency Users
Website  2025-05-23  49   Katz Stealer Threat Analysis - Nextron Systems
Website  2025-05-23  27   Chihuahua Stealer Malware Targets Browser and Wallet Data
Website  2025-05-23  4    New Formjacking Malware Targets E-Commerce Sites to Steal Credit Card Data
Website  2025-05-23  25   Data-stealing Chrome extensions impersonate Fortinet, YouTube, VPNs - PRSOL:CC
Website  2025-05-23  6    Cybersecurity Snapshot: AI Data Security Best Practices Released, While New Framework Seeks To Help IT Pros Gain Cyber Skills
Website  2025-05-23  14   Weaponizing AI Hype: An In-Depth Look into the Kling AI Facebook Malvertising RAT Campaign - CyberSRC
Website  2025-05-22  0    Microsoft strikes the Lumma Stealer malware | #cybercrime | #infosec - National Cyber Security Consulting
Website  2025-05-22  0    Legitimate tools spoofed by infostealing Chrome extensions
Website  2025-05-21  0    Lumma infostealer infected about 10 million systems before global disruption | #cybercrime | #infosec - National Cyber Security Consulting
Website  2025-05-21  31   Lumma Stealer: Breaking down the delivery techniques and capabilities of a prolific infostealer
Website  2025-05-21  7    Sophisticated & Stealthy Formjacking Malware Targets E-Commerce Checkout Pages
Website  2025-05-21  1    Cybercriminals Mimic Kling AI to Distribute Infostealer Malware
Website  2025-05-21  0    Over 100 Malicious Chrome Extensions Exploiting Users to Steal Login Credentials and Execute Remote Code
Website  2025-05-21  10   Malicious Hackers Create Fake AI Tool to Exploit Millions of Users
Website  2025-05-21  33   Lumma Stealer: Breaking down the delivery techniques and capabilities of a prolific infostealer | Microsoft Security Blog
Website  2025-05-21  2    A OpenPGP.js flaw lets attackers spoof message signatures
Website  2025-05-21  13   Protecting Against Brand Impersonation Attacks with Browser Detection and Response
Website  2025-05-21  25   Data-stealing Chrome extensions impersonate Fortinet, YouTube, VPNs
Website  2025-05-21  0    Lumma infostealer infected about 10 million systems before global disruption
Website  2025-05-21  237  ESET takes part in global operation to disrupt Lumma Stealer
Website  2025-05-20  2    Attack Surface Reduction for Enterprises: A Guide
Website  2025-05-20  61   The Sting of Fake Kling: Facebook Malvertising Lures Victims to Fake AI Generation Website