
Threat Actor Offers Cookie-Stealing Google Extension on Dark Forum


Cybersecurity experts have raised the alarm over a new threat actor’s claim about selling a malicious stealer that leverages a Google Chrome extension to siphon cookies from users’ browsers.

The alleged tool, reportedly available for purchase on dark web forums, could pose a severe threat to both individuals and organizations alike.

Malicious Google Extension at the Heart of the Threat

According to the post from ThreatMon, the stealer, as described by the threat actor in an online forum, integrates cookie-stealing capabilities into a Google Chrome extension.

This extension, purportedly available on the Google Store marketplace, can operate under the guise of a legitimate add-on.

Once installed, it works by silently exfiltrating browser cookies, potentially granting attackers access to victims’ accounts and bypassing traditional security mechanisms like passwords and even two-factor authentication (2FA).

Cookies are often used to maintain user sessions or remember login states, making them a valuable target for cybercriminals.

If compromised, they can enable unauthorized access to critical accounts, such as email, social media, and financial services.

This makes such tools particularly dangerous for high-value targets, such as businesses or government organizations.

Growing Trend of Malware via Browser Extensions

This incident highlights a growing trend of cybercriminals exploiting browser extensions as attack vectors.

Since extensions often gain significant permissions within browsers, they serve as a convenient platform for malicious actors to embed harmful functionalities like spyware, keyloggers, and now cookie stealers.

The threat actor behind this tool has not disclosed detailed technical specifications but claims the extension comes prepackaged with cookie-stealing capabilities.

Security experts note that leveraging known marketplaces like the Google Store makes such attacks even more insidious, as users are more likely to trust and install extensions available from an official platform.

The presence of malicious applications on legitimate app stores underlines the need for stricter security screening and verification processes by platform providers.

Cybersecurity Community Watches for Further Developments

While the cybersecurity community is yet to confirm the authenticity of the claims, experts are urging users and organizations to adopt proactive measures.

These include frequently reviewing installed browser extensions, limiting permissions for extensions, and leveraging endpoint detection tools to monitor suspicious activity.
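
One way to carry out the extension review described above is to check which installed extensions declare the `cookies` permission together with host access. The script below is an added example, not code from ThreatMon or this article; it assumes Chrome's on-disk layout `Extensions/<extension id>/<version>/manifest.json`, runs on constructed sample manifests, and covers only the `chrome.cookies` API route, since the article gives no technical details of the advertised tool.

```python
import json
import tempfile
from pathlib import Path

# Host patterns that match every site.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
KEYS = ("permissions", "optional_permissions",
        "host_permissions", "optional_host_permissions")

def assess_manifest(manifest: dict) -> dict:
    """Classify a manifest by its access to the chrome.cookies API."""
    declared = [p for k in KEYS for p in (manifest.get(k) or [])
                if isinstance(p, str)]
    # MV2 puts host patterns in "permissions"; MV3 uses "host_permissions".
    hosts = sorted({p for p in declared if "://" in p or p == "<all_urls>"})
    if "cookies" not in declared or not hosts:
        finding = "no-cookies-api"       # API needs the permission plus hosts
    elif BROAD_HOSTS.intersection(hosts):
        finding = "cookies-all-sites"    # can read cookies for any site
    else:
        finding = "cookies-scoped"       # limited to the listed hosts
    return {"name": manifest.get("name"), "finding": finding, "hosts": hosts}

def audit_extensions(root: Path) -> dict:
    """Assess every <root>/<extension id>/<version>/manifest.json."""
    results = {}
    for path in sorted(root.glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest
        if isinstance(manifest, dict):
            results[path.parent.parent.name] = assess_manifest(manifest)
    return results

def build_sample_profile() -> Path:
    """Constructed sample data: two made-up extensions in a temp dir."""
    samples = {
        "ext-a": {"name": "Coupon Helper", "permissions": ["cookies"],
                  "host_permissions": ["<all_urls>"]},
        "ext-b": {"name": "Dark Theme", "permissions": ["storage"]}}
    root = Path(tempfile.mkdtemp())
    for ext_id, manifest in samples.items():
        version_dir = root / ext_id / "1.0_0"
        version_dir.mkdir(parents=True)
        (version_dir / "manifest.json").write_text(json.dumps(manifest))
    return root

if __name__ == "__main__":
    print(audit_extensions(build_sample_profile()))
```

Point `audit_extensions` at a browser profile's `Extensions` directory to review a real installation.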

Google has not yet issued a statement on this alleged threat. However, given the potential damage such a tool can inflict, the tech giant is likely to investigate and take action if an offending extension exists on its platform.

As the threat landscape continues to evolve, this case serves as a stark reminder of the importance of staying vigilant online, updating security protocols, and fostering awareness around new attack vectors.
