Malicious Browser Extensions: A Threat Modeling & Mitigation Playbook

New Webinar | March 11th, 10AM CT

Attackers are doubling down on malicious browser extensions as their method of choice. Recent campaigns like ShadyPanda, ZoomStealer, GhostPoster, and the breaches impacting vendors like Cyberhaven and Trust Wallet, all highlight the threat posed by malicious extensions.

Most malicious extensions didn’t start that way. Attackers take over legitimate extensions and push malicious updates that steal data, intercept cookies and tokens, log keystrokes, and more. They bide their time for maximum impact, pulling the trigger at the right moment to infect millions of browsers at once.

But security safeguards implemented at the extension store level aren’t catching malicious updates. Attackers are using dynamically compiled, stealthily smuggled code that can’t be reliably spotted through static code checks or sandbox analysis.

Thankfully, with the right tools and approach, organizations can take practical steps to bring the risk posed by malicious extension attacks to virtually zero.

Join Push Security Field CTO Mark Orlando on the 11th March for a teardown of malicious browser extension functionality. You’ll learn:

How attackers are using extensions to steal data from millions of browsers

Why malicious extensions can still be distributed via legitimate channels

How to spot what makes an extension malicious or high-risk

The operational pitfalls to watch out for when managing extensions

Our step-by-step approach to securing browser extension use in your organization

Can't make it live? Register anyway and get a copy of the recording sent to your inbox.