Google Chrome gets real-time phishing protection later this month
Google will roll out a Safe Browsing update later this month that will provide real-time malware and phishing protection to all Chrome users, without compromising their browsing privacy. The company launched Safe Browsing in 2005 to defend users against web phishing attacks and has since upgraded it to block malicious domains that push malware, unwanted software, and various social engineering schemes.
Microsoft Defender Flags Tor Browser as a Trojan and Removes it from the System
Windows users have recently begun mass-reporting that Microsoft's Defender antivirus program, which is integrated into Windows 10 and 11 by default, is
Rilide: A New Malicious Browser Extension for Stealing Cryptocurrencies
Trustwave SpiderLabs uncovered a new strain of malware that it dubbed Rilide, which targets Chromium-based browsers such as Google Chrome, Microsoft Edge, Brave, and Opera.
ViperSoftX: Hiding in System Logs and Spreading VenomSoftX - Avast Threat Labs
ViperSoftX is a multi-stage stealer that exhibits interesting hiding capabilities. Other than stealing cryptocurrencies, it also spreads the VenomSoftX browser extension, which performs man-in-the-browser attacks.
The Zimperium zLabs team recently discovered a malicious browser extension, originally called Cloud9, which not only steals the information available during the browser session but can also install malware on a user's device and subsequently assume control of the entire device. In this blog, we will take a deeper look into this malicious browser extension.
Crime group hijacks hundreds of US news websites to push malware
A cybercriminal group has compromised a media content provider to deploy malware on the websites of hundreds of news outlets in the U.S., according to cybersecurity company Proofpoint.
“Dormant Colors”: Live Campaign With Over 1M Data Stealing Extensions Installed
The “Dormant Colors” is yet another vast campaign of malicious extensions with millions of active installations worldwide, this time with a color-related theme and full of deception all through the chain. It starts with the trickery malvertising campaign, continues with a crafty novel way to side-load the real malicious code without anyone noticing (until now!), and finally with stealing not only your searches and browsing data, but also affiliation to 10,000 targeted sites — a capability that is easily leveraged for targeted spear phishing, account takeover and credential extraction — all using this powerful network of millions of infected computers worldwide!
Malicious Cookie Stuffing Chrome Extensions with 1.4 Million Users
A few months ago, we blogged about malicious extensions redirecting users to phishing sites and inserting affiliate IDs into cookies of eCommerce sites. Since that time, we have investigated several other malicious extensions and discovered 5 extensions with a total install base of over 1,400,000 "...the extensions also track the user’s browsing activity."
In January 2022, a new browser hijacker/adware campaign named ChromeLoader (also known as Choziosi Loader and ChromeBack) was discovered. Despite using simple malicious advertisements, the malware became widespread, potentially leaking data from thousands of users and organizations.
2 New Mozilla Firefox 0-Day Bugs Under Active Attack — Patch Your Browser ASAP!
Mozilla has pushed out-of-band software updates to its Firefox web browser to contain two high-impact security vulnerabilities, both of which it says are being actively exploited in the wild.