Fake Forcepoint Google Chrome Extension Hacks Windows Users
#1
Information 
Quote:Cybercriminals have been using a novel approach to exfiltrate data that involves directly injecting malicious Google Chrome extensions onto victims’ Windows machines via the abuse of Google’s cloud synching function.

The goal of the recently-identified campaign is to manipulate data in internal web applications that the victims have access to, according to an analysis.
 
According to Bojan Zdrnja, writing for the SANS Institute, attackers are directly planting malicious extensions on the targets’ computers, rather than uploading them to the Chrome Web Store and waiting for victims to download them.
 
The malicious add-on is disguised as a “Forcepoint Endpoint Chrome Extension for Windows,” with the attackers using the security company’s logo to enhance an air of legitimacy.

The threat actors “dropped the extension locally in a folder and loaded it directly from Chrome on a compromised workstation,” explained Zdrnja, in an analysis late last week. “This is actually a legitimate function in Chrome – you can access it by going to More Tools -> Extensions and enabling Developer mode, after which you can load any extensions locally, directly from a folder by clicking on ‘Load unpacked.'”
 
The analysis doesn’t detail how the initial compromise was carried out. However, when it comes to the attack goal, “they actually limited activities on this workstation to those related to web applications, which explains why they dropped only the malicious Chrome extension, and not any other binaries,” the researcher explained. “That being said, it also makes sense – almost everything is managed through a web application today, be it your internal CRM, document management system, access rights management system or something else.”

Read more: https://threatpost.com/fake-forcepoint-g...ks/163728/
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
QOwnNotes
26.7.2 Added supp...Kool — 03:40
WhatsApp Launches New Username Feature ...
WhatsApp Opens Usern...harlan4096 — 17:12
AnyDesk 9.7.9 for Windows
Version 9.7.9 for ...harlan4096 — 15:57
uBOLite 2026.705.2152 (already available...
uBOLite 2026.705.2...harlan4096 — 10:23
Microsoft Warns Windows 11 Enterprise De...
Microsoft has issu...harlan4096 — 10:22

[-]
Birthdays
Today's Birthdays
avatar (56)Step 1
Upcoming Birthdays
avatar (47)dapedDow
avatar (49)TromPerl
avatar (46)RidgeDimb
avatar (37)ipumaqar
avatar (51)tanliorsPeri
avatar (43)lapedDow
avatar (49)rituabew
avatar (37)omyjul
avatar (41)papedDow
avatar (50)ArnoldFum
avatar (38)yfaza
avatar (49)Kevensi
avatar (48)ConradRoand
avatar (39)boineDon
avatar (51)spoofTum
avatar (50)WillieVot
avatar (40)Grompelbawn
avatar (41)vkseogaF
avatar (37)usogy
avatar (40)ywixazok
avatar (38)ixoqe
avatar (36)pa.OpenTran

[-]
Online Staff
harlan4096's profile harlan4096
Administrator

>