Rogue and Malicious Software, Apps, and Extensions
At SlashNext, we see malicious browser extensions that merely wait for the 2FA to complete. A browser extension offers bad actors the perfect workaround for organizations that rely heavily on 2FA. By design, once a browser extension is installed, it has access to the complete canvas of the browser. Once logged in, they hijack the session and capture whatever is being rendered on the computer screen. These extensions have the full power to do whatever the user is doing and seeing whatever is within that browser window.
For example, a user logs into a Service Now Management Portal, once 2FA is complete, the browser extension starts collecting data—leaving the organization’s cloud infrastructure wholly open and vulnerable. With cybercriminals waiting for the user to log in legitimately before they start exfiltrating data from the browser, 2FA or multi-factor authentication ceases to be a viable security option to protect organizations.
Example: Screen shots of malicious browser extension.
SlashNext Blog | Rogue Apps and Extensions
Today, while man-in-the-middle (MiTM) attacks are still a big concern, the security endpoint has changed to the browser, creating a MiTB phishing threat that poses real danger.
It’s Time to Get Started with SlashNext
Learn how to leverage the industry’s best zero-hour phishing protection and IR solutions in your environment.