
Attackers Leverage Locally-Loaded Chrome Extension for Data Exfiltration

February 8, 2021

While the use of malicious Chrome extensions in attacks is not new, this attack stands out because it used the browser's ‘Developer mode’ to load a malicious extension locally.

The extension was dropped into a folder on the compromised workstation, and ‘Developer mode’ was enabled directly from the browser (it is available under More Tools -> Extensions). With this legitimate feature enabled, any user can load an extension from a local folder by clicking ‘Load unpacked.’
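A defender-side check for the technique described above, as an added example that is not part of the original article: it reads a Chrome profile's preferences JSON and reports whether Developer mode is on and which extensions were loaded from a local folder. The `extensions.ui.developer_mode` key and the location codes 4 and 8 are assumptions based on Chromium's preference layout, and the sample profile data is constructed.

```python
import json

# Location codes Chromium stores per extension (assumed from its
# Manifest::Location enum): 4 = "Load unpacked", 8 = --load-extension.
LOCAL_LOAD = {4: "unpacked", 8: "command_line"}


def audit_profile(prefs_text):
    """Audit one profile's Preferences / Secure Preferences JSON text."""
    ext = json.loads(prefs_text).get("extensions", {})
    dev_mode = bool(ext.get("ui", {}).get("developer_mode", False))
    findings = []
    for ext_id, entry in sorted(ext.get("settings", {}).items()):
        if not isinstance(entry, dict):
            continue
        kind = LOCAL_LOAD.get(entry.get("location"))
        if kind is None:
            continue  # store-installed, policy, or component extension
        manifest = entry.get("manifest") or {}
        perms = [p for p in manifest.get("permissions", []) if isinstance(p, str)]
        findings.append({
            "id": ext_id,
            "load_type": kind,
            "path": entry.get("path", ""),  # folder the extension was loaded from
            "name": manifest.get("name", ""),
            "permissions": sorted(perms),
        })
    return {"developer_mode": dev_mode, "local_extensions": findings}


# Constructed sample profile data (ids, names and paths are made up).
SAMPLE_PREFS = json.dumps({"extensions": {
    "ui": {"developer_mode": True},
    "settings": {
        "a" * 32: {"location": 1, "path": "a" * 32 + "/1.0_0",
                   "manifest": {"name": "Store extension", "permissions": ["storage"]}},
        "b" * 32: {"location": 4, "path": "C:\\Users\\Public\\ext",
                   "manifest": {"name": "Constructed unpacked extension",
                                "permissions": ["tabs", "cookies", "<all_urls>"]}},
    },
}})

if __name__ == "__main__":
    print(json.dumps(audit_profile(SAMPLE_PREFS), indent=2))
```

Run it over the preferences files of each profile directory; a locally loaded extension on a workstation that is not used for extension development is worth triage, starting with the reported folder path.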

Read More on Security Week