Squarex reveals multi -shape extensions that turn into any extension of the browser

Palo Alto, Singapore, March 6, 2025/CyberNewswire/-With the recent disclosure of the attack, such as Sync browser And extension Infostealers, browser accessories have become an essential concern for security in many organizations.

SquarexThe research team discovers a new category of malicious extensions that can imitate the personality of any extension installed on the victim’s browser, including password managers and encryption portfolios.

These malicious extensions can turn until it has the same user interface, symbols and the exact text as a legitimate attachment, which makes it a very convincing issue for victims to enter their accreditation data and other sensitive information.

This attack affects most of the main browsers, including chrome and edge. Multiple extensions work by exploiting the fact that most users interact with extensions through installed in the browser toolbar.

The attack begins by installing the user for harmful extension, which hides itself, for example, as a modest AI tool. To make the attack more persuasive, the extension performs the function of artificial intelligence as it is announced and remains benign for a pre -specified period of time.

However, while all this happens, the harmful extension begins to know other additions that are installed in the victim’s browser. Once defined, the multi -shape extension completely changes its own look to look like the target, including the symbol shown on the installed toolbar.

It can even temporarily disable the target extension, and remove it from the installed tape. Given that most users use these symbols as a visual confirmation to inform the extension they interact with, it is possible that changing the same symbol to persuade the average user that they click on the project extension.

Even if the victim is moving to the extension information panel, there is no clear way to connect the tools displayed there to the installed symbols. To avoid doubts, harmful extension can temporarily give the target extension so that they are the only ones who have a target icon in the installed tab.

It is important, that the multi -shape extension can imitate any extension of the browser. For example, the managers of the popular password can mimic to deceive the victims to enter their main password. This password can then be used by the attacker to log in to the real password manager and access all accreditation data stored in the password.

Likewise, multi -shape extension can also simulate the popular coding portfolios, allowing them to use stolen credit data to authorize the transmission transactions of encrypted currency to the attacker.

Other potential goals include developers and banking extensions that may be provided to the attacker, which is not authorized to applications in which sensitive data or financial assets are stored.

Moreover, the attack only requires medium -risk permissions based on the Chrome store classification. Ironically, many of these permissions are used by the password managers themselves, as well as other common tools such as advertising blockers and pages designer, which makes it particularly difficult for the Chrome store teams and safety teams to determine the malicious intention once you look at the extension code.

Squarex founder, Vivic Ramashandran It warns that “the browser extensions are a great danger to institutions and users today. Unfortunately, most institutions have no way to check the current extension fingerprint and verify whether they are harmful. This emphasizes the need for an original security solution to the browser such as the browser discovery and responding to it, similar to what EDR is for the operating system.”

These multi -shape extensions use the features inside Chrome to perform the attack. As such, there is no error in the programs, and it cannot be corrected. Squarex wrote to Chrome about responsible disclosure, or a recommendation to prohibit or implement user alerts of any extension icon changes or sudden changes in HTML, where these technologies can be easily used by attackers to impersonate another person in a multi -shape attack.

For institutions, fixed extension analyzes and permissions-based policies are no longer sufficient-it is important to have a local security tool for the browser that can analyze the extension behavior dynamically at the time of operation, including multi-shape trends of malignant accessories.

For more information about multi -shape extensions, additional results of this research are available in https://sqrx.com/polymorphic-extensions.

About Squarex

Squarex Institutions help to discover, alleviate web attacks on the side of the customer, spoke against their users in actual time, including defending harmful additions. In addition to the multi -shape attack, Squarex was also the first to discover and detect multiple extension attacks, including the browser synchronization, the CHROME Approval of the attack leading to Cyberhaven and many of the other MV3 compatible extensions that were detected in Def Con 32.

The BDR (BDR) detection solution (BDR) in Squarex is an approach that focuses on the attack of the browser security, ensuring the organization’s users from advanced threats such as pure QR codes, manufacturing in the risk browser, macro -based malicious programs, other web attacks that define malicious files, industrial sites, and sites, and sites, and sites, and sites, and sites, and sites, and sites, and sites, and sites, and sites, and sites, and sites, and sites, And sites made of extracts.

In addition, with Squarex, institutions can provide contractors and workers from a safe arrival in internal applications, saas for institutions, and convert browsers on BYD / non -managed devices to reliable browsing sessions.

communication

Head of public relations

Young Leo

Squarex