500 Chrome Extensions Caught Stealing Private Data of 1.7 Million Users

Posted by & filed under Security Alerts.

Google removed 500 malicious Chrome extensions from its Web Store after they found to inject malicious ads and siphon off user browsing data to servers under the control of attackers. These extensions were part of a malvertising and ad-fraud campaign that’s been operating at least since January 2019, although evidence points out the possibility that… Read more »

Windows, Chrome Zero-Days Chained in Operation WizardOpium Attacks

Posted by & filed under Security Alerts.

Zero-day vulnerabilities in Google Chrome and Microsoft Windows were used to download and install malware onto Windows computers that visited a Korean-language news portal. A zero-day vulnerability is one that is known, but not patched by the developers in charge of patching the vulnerability. These zero-day vulnerabilities are particularly dangerous as they can be used by state-sponsored attackers… Read more »

New Chrome Password Stealer Sends Stolen Data to a MongoDB Database

Posted by & filed under Security Alerts.

A new Windows trojan has been discovered that attempts to steal passwords stored in the Google Chrome browser. While this is nothing unique, what stands out is that the malware uses a remote MongoDB database to store the stolen passwords. This trojan is called CStealer, and like many other info-stealing trojans, was created to target and steal login credentials… Read more »