Behind the Mask of Madgicx Plus: A Chrome Extension Campaign Targeting Meta Advertisers
ID: f4ef0e4c-6c92-5b6d-bb11-33410ee0a8d2
STIX ID: report--f4ef0e4c-6c92-5b6d-bb11-33410ee0a8d2
Feed Name: Cybereason Blog
Cybereason Security Services analyzed an active campaign distributing malicious Chrome extensions branded as “Madgicx Plus” and similar ad-optimization tools to target Meta advertisers. The extensions request wide host permissions, inject scripts, remove Origin headers to bypass security checks, and exfiltrate Google/Facebook session tokens to enable account takeover. Investigators uncovered numerous lure domains and shared hosting (behind Cloudflare and VDSina), observed C2 communication, and provided mitigation recommendations: verify publishers, remove unused extensions, and separate browsing contexts.
