Skip to main content

Malicious Extension Targets Chromium-Based Web Browsers, Steals Data

By May 8, 2024No Comments

According to the Broadcom Threat Bulletin, a U.S. water and wastewater treatment plant became the target of a cyber attack claimed by a cybercriminal group.

The group allegedly demonstrated its interaction with the systems of the Tipton Wastewater Treatment Plant via a video shared on its Telegram channel.

Malicious Extension Targets Chromium-Based Web Browsers, Steals Data

Symantec Threat Hunter Team has observed a concerning surge in attempts to deploy a malicious extension targeting Chromium-based web browsers, including Google Chrome, Microsoft Edge, Brave, and Opera.

This malicious browser extension poses a significant threat, capable of harvesting clipboard data, browser history, Google Pay and Facebook balance information, capturing screenshots, and even launching web pages.

Its reported functionality extends to cryptocurrency theft and other sensitive data, with the potential for further updates, heightening its danger.

Initial research suggested various malware loaders as delivery mechanisms for this extension. However, Symantec’s investigations reveal a distinct infection chain starting with download links hosted on platforms like

Google Drive or MediaFire.

The download link leads to a ZIP file named “,” containing an MSI installer. Within this installer lies a blend of legitimate and malicious components. The malicious DLL, sideloaded via the legitimate

file, facilitates the installation of the harmful browser extension.

For more detailed information about this threat, please see the PDF below