
108 Chrome extensions, one server: how to check yours for session theft
Socket found 108 Chrome extensions routing logins and live Telegram sessions to a single server. Here's how the campaign worked and how to check your own.
8 articles found

Socket found 108 Chrome extensions routing logins and live Telegram sessions to a single server. Here's how the campaign worked and how to check your own.
A fake uBlock Origin clone crashed Chrome on purpose, then tricked users into running malware. Here's how to spot the CrashFix trap and check your extensions.
GhostPoster hid malware inside extension icon images for up to five years across Chrome, Firefox, and Edge. Here's how steganography works and what to check.
A sideloaded browser extension is how UNC6692's SNOWBELT runs inside headless Edge, skipping Web Store review entirely. Here's how to detect it in your org.
GlassWorm compromised 72+ Open VSX IDE extensions to deploy a Chrome infostealer stealing session cookies via Solana blockchain C2. Here's what to check.
ShadyPanda ran 145 malicious extensions on Chrome and Edge for 6 years, from affiliate fraud to keylogging spyware with 4.3M installs. How to check yours.
LayerX Labs showed any browser extension — even ones with no permissions — can silently modify your downloads to deliver malware. Here's how to stay safe.
17 malicious sleeper extensions found across Firefox, Chrome, and Edge with 840K downloads. They hid malware in images for up to 5 years undetected.