Malware steals Chrome session cookies to take over your accounts
ID: 054a15c1-9c45-5cfb-a31c-d9f85dbf797e
STIX ID: report--054a15c1-9c45-5cfb-a31c-d9f85dbf797e
Feed Name: Malwarebytes Blog
Threat Score
A phishing email delivers a disguised JavaScript attachment (.pfd.js) that drops files and triggers a chain installing a malicious Chrome extension with a native host. The extension and native application use Chrome native messaging to run PowerShell, collect cookies, tabs and fingerprints, enable remote commands, and allow session hijacking and potential data exfiltration; the report lists specific IOCs (filenames, extension ID, domain) and provides mitigation advice.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
