Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.
Featured Analysis
Featured article analysis: Data-stealing Chrome extensions impersonate Fortinet, YouTube, VPNs
This article from BleepingComputer details a significant and concerning campaign involving over 100 malicious Google Chrome extensions designed to steal user data and execute remote scripts. These extensions cleverly impersonate legitimate and popular tools such as VPNs, AI assistants, crypto utilities, and even specific brands like Fortinet and YouTube. By offering some of the promised functionality while simultaneously operating covertly in the background, these extensions deceive users into granting them broad permissions. This allows the threat actors to pilfer browser cookies, including sensitive session tokens, perform DOM-based phishing attacks, inject malicious JavaScript, and even modify network traffic for purposes like ad delivery, redirection, or proxying user activity through their own servers.
The discovery by DomainTools highlights the scale of this operation, with over 100 fake domains created to promote these malicious extensions, likely through malvertising campaigns. These websites feature seemingly legitimate “Add to Chrome” buttons that directly link to the malicious listings on the Chrome Web Store, lending a false sense of security and authenticity. The article provides a list of several of these deceptive domains, showcasing the wide range of impersonated services and brands. While Google has reportedly removed many of the identified extensions, the fact that some still persist underscores the challenges in rapidly detecting and eliminating such threats, as well as the actors’ determination to remain active.
The potential consequences for users who install these malicious extensions are severe, ranging from account hijacking and personal data theft to comprehensive monitoring of their browsing activities. The article emphasizes that these extensions essentially create a backdoor within the infected browser, granting attackers extensive control and the potential for further exploitation. Alarmingly, the stolen session cookies could even be used to compromise legitimate VPN devices or accounts, providing a pathway to infiltrate corporate networks and launch more damaging attacks. The article concludes with crucial advice for users: exercise caution by only trusting reputable publishers, carefully reviewing user reviews for any suspicious signs, and remaining vigilant about the permissions requested by browser extensions.
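The article's advice to review extension permissions can be turned into a quick triage check. The following is an added example (not code from the article or from DomainTools) that reads a Chrome extension manifest and maps the permissions it requests onto the abuses described above: cookie theft, script injection, traffic modification and proxying. The permission names are real Chrome extension API permissions; the risk mapping and the two sample manifests are my own constructed illustration.

```python
import json

# Real Chrome extension permissions, mapped to the abuse the article describes.
# The mapping itself is a triage heuristic, not an official Google rating.
PERMISSION_RISKS = {
    "cookies": "read browser cookies, including session tokens",
    "webRequest": "observe and modify network traffic",
    "webRequestBlocking": "block or rewrite requests (Manifest V2)",
    "declarativeNetRequest": "redirect or rewrite requests",
    "proxy": "route traffic through servers the extension chooses",
    "scripting": "inject JavaScript into pages",
    "tabs": "track browsing activity across tabs",
}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def audit_manifest(manifest):
    """Return a list of human-readable findings for one parsed manifest.json."""
    findings = []
    perms = set(manifest.get("permissions", []))
    hosts = set(manifest.get("host_permissions", []))
    # Manifest V2 listed host patterns under "permissions"; treat them the same.
    hosts |= {p for p in perms if "://" in p or p == "<all_urls>"}
    broad = any(h in BROAD_HOSTS for h in hosts)
    scope = "on every site" if broad else "on listed sites only"
    for p in sorted(perms & PERMISSION_RISKS.keys()):
        findings.append(f"{p}: {PERMISSION_RISKS[p]} ({scope})")
    # Content scripts matching every URL can read and alter any page's DOM.
    for cs in manifest.get("content_scripts", []):
        if any(m in BROAD_HOSTS for m in cs.get("matches", [])):
            findings.append("content_scripts on all URLs: DOM phishing / script injection")
            break
    if broad and "cookies" in perms:
        findings.append("HIGH: cookies + all-hosts access can exfiltrate any site's session tokens")
    return findings


def audit_manifest_json(text):
    """Convenience wrapper for the raw contents of a manifest.json file."""
    return audit_manifest(json.loads(text))


# Constructed sample manifests (not from any real extension).
BENIGN_MANIFEST = '{"manifest_version": 3, "name": "Example Notes", "permissions": ["storage", "activeTab"]}'
SUSPICIOUS_MANIFEST = (
    '{"manifest_version": 3, "name": "Example Free VPN", '
    '"permissions": ["cookies", "webRequest", "proxy", "scripting", "tabs"], '
    '"host_permissions": ["<all_urls>"], '
    '"content_scripts": [{"matches": ["<all_urls>"], "js": ["content.js"]}]}'
)

if __name__ == "__main__":
    for label, text in (("benign", BENIGN_MANIFEST), ("suspicious", SUSPICIOUS_MANIFEST)):
        print(label, audit_manifest_json(text) or ["no risky permissions"])
```

Run it against the `manifest.json` inside an unpacked extension directory; a "VPN" or "YouTube helper" that needs every finding listed here is a candidate for removal rather than trust.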
Projects
- TryHackMe – Public Key Cryptography Basics – In Progress
Videos
Articles
- The Kids Online Safety Act is back, with the potential to change the internet – The Kids Online Safety Act (KOSA) has been reintroduced into Congress. If passed into law, this bill could impose some of the most significant legislative changes that the internet has seen in the U.S. since the Children’s Online Privacy Protection Act (COPPA) of 1998.
- Have I Been Pwned 2.0 is Now Live! – This has been a very long time coming, but finally, after a marathon effort, the brand new Have I Been Pwned website is now live!
- KrebsOnSecurity Hit With Near-Record 6.3 Tbps DDoS – KrebsOnSecurity last week was hit by a near-record distributed denial-of-service (DDoS) attack that clocked in at more than 6.3 terabits of data per second (a terabit is one trillion bits of data).
- PowerSchool hacker pleads guilty to student data extortion scheme – A 19-year-old college student from Worcester, Massachusetts, has agreed to plead guilty to a massive cyberattack on PowerSchool that extorted millions of dollars in exchange for not leaking the personal data of millions of students and teachers.
- Data-stealing Chrome extensions impersonate Fortinet, YouTube, VPNs – A Google Chrome Web Store campaign uses over 100 malicious browser extensions that mimic legitimate tools, such as VPNs, AI assistants, and crypto utilities, to steal browser cookies and execute remote scripts secretly.