Seattle-based ICEBRG's Security Research Team discovered four malicious Google Chrome extensions affecting some 500,000 users. These provide a substantial pool of resources to use for fraudulent purposes and financial theft.
While performing a routine investigation of anomalous traffic, ICEBRG's SRT detected a suspicious spike in outbound network traffic from a customer workstation prompting an investigation leading to the discovery harmful Google Chrome extensions, which could affect workstations within major organizations, including financial institutions, globally.
The ICEBRG research team, Justin Warner, principal security engineer and Mario De Tore, technical director, security research and operations, revealed their findings in a blog. "While these web-based applications can enhance the users overall experience, they also pose a threat to workstation security with the ability to inject and execute arbitrary code." The SRT asserted to a motivated threat actor, this approach presents a range of opportunities, from co-opting enterprise resources for advertising click-fraud to leveraging a user's workstation as a foothold into the enterprise network.
Complete your profile to continue reading and get FREE access to CUTimes.com, part of your ALM digital membership.
Your access to unlimited CUTimes.com content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Breaking credit union news and analysis, on-site and via our newsletters and custom alerts
- Weekly Shared Accounts podcast featuring exclusive interviews with industry leaders
- Educational webcasts, white papers, and ebooks from industry thought leaders
- Critical coverage of the commercial real estate and financial advisory markets on our other ALM sites, GlobeSt.com and ThinkAdvisor.com
Already have an account? Sign In Now
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
Roy Urrico
Roy W. Urrico specializes in articles about financial technology and services for Credit Union Times, as well as ghostwriting, copywriting, and case studies. Also: writer/editor of a semi-annual newsletter for Association for Financial Technology since 1997 and history projects funded by the U.S Interior Department, National Park Service and Warren County (N.Y.).
