logo

Malware steals Chrome session cookies to take over your accounts

ID: 054a15c1-9c45-5cfb-a31c-d9f85dbf797e

STIX ID: report--054a15c1-9c45-5cfb-a31c-d9f85dbf797e

Feed Name: Malwarebytes Blog

Threat Score
75/100

Date Published: 2026-06-26

Date Updated: 2026-06-26

...
...

A phishing email delivers a disguised JavaScript attachment (.pfd.js) that drops files and triggers a chain installing a malicious Chrome extension with a native host. The extension and native application use Chrome native messaging to run PowerShell, collect cookies, tabs and fingerprints, enable remote commands, and allow session hijacking and potential data exfiltration; the report lists specific IOCs (filenames, extension ID, domain) and provides mitigation advice.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.