SquareX Unveils Polymorphic Extensions that Morph Infostealers into Any Browser Extension – Password Managers, Wallets at Risk

SquareX researchers disclose a new class of "polymorphic" malicious browser extensions that can impersonate any installed extension (including password managers and crypto wallets) by changing icons and UI and even temporarily disabling target extensions; this enables convincing phishing of master passwords and authorization of crypto transfers. The attack leverages standard browser features and medium-risk permissions, affects major browsers like Chrome and Edge, cannot be patched as a software bug, and prompts recommendations for browser-native runtime monitoring and controls.