Browser extensions are a high-risk attack vector for enterprises, allowing threat actors to bypass traditional security controls and gain a foothold on corporate endpoints. Case in point: A recently identified malicious extension called NexShield proves that a single user install from an official and nominally safe online marketplace can escalate into full remote access. Huntress researchers found that it downloads a previously undocumented Windows remote access trojan (RAT) onto domain-joined machines, which are “typically corporate … More →
The post Fake browser crash alerts turn Chrome extension into enterprise backdoor appeared first on Help Net Security.
http://news.poseidon-us.com/TQRGbT
