
"For every page, frame, and request, the security headers are now gone. User traffic is now vulnerable to many new attacks like clickjacking. The compromised version requested new permissions, including declarativeNetRequestWithHostAccess and webRequest, which granted deeper control over browsing activity and network requests."
"Browser extensions operate with extensive access to web traffic, page content, and authenticated user sessions. In the case of QuickLens, the extension had approximately 7,000 users and previously held a featured badge in the Chrome Web Store, lending it credibility. After a reported ownership change in early February 2026, a malicious update was pushed to users on Feb. 17, 2026."
"These headers are designed to prevent script injection and clickjacking attacks. By removing them, the extension weakened built-in browser defenses and enabled the execution of malicious scripts across otherwise protected websites. Once active, the extension began communicating with a C2 server at api.extensionanalyticspro[.]top."
QuickLens, a Chrome extension with approximately 7,000 users, was transformed into a malware delivery vehicle following an ownership change in February 2026. A malicious update introduced expanded permissions including declarativeNetRequestWithHostAccess and webRequest, granting deeper control over browsing activity. The compromised version stripped critical security headers—Content-Security-Policy, X-Frame-Options, and X-XSS-Protection—from all visited pages, weakening browser defenses and enabling script injection and clickjacking attacks. The extension established command-and-control communications with a remote server, facilitating cryptocurrency wallet theft and ClickFix attack deployment. The extension was subsequently removed from the Chrome Web Store after security researchers discovered the malicious modifications.
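The two signals the article describes, a manifest that asks for traffic-shaping permissions such as declarativeNetRequestWithHostAccess and webRequest, and rules that remove Content-Security-Policy, X-Frame-Options and X-XSS-Protection from responses, are both visible in a static review of an unpacked extension. The following is an added example written for this summary, not code from the TechRepublic article or from QuickLens: it triages a manifest and its declarativeNetRequest rule set and reports those signals. The sample manifest and rules are constructed for the example and are not the real extension's files; the permission and header lists are this example's own choices.

```python
"""Static triage of an unpacked Chrome extension (added example).

Flags high-risk permissions, broad host access and declarativeNetRequest rules
that remove security headers from responses. The constants below are choices
made for this example, not an official list.
"""
from __future__ import annotations

import json
from pathlib import Path

# Permissions that hand an extension broad control over traffic or pages.
HIGH_RISK_PERMISSIONS = {
    "declarativeNetRequestWithHostAccess",  # named in the article
    "webRequest",                           # named in the article
    "webRequestBlocking",
    "declarativeNetRequest",
    "scripting",
    "cookies",
    "debugger",
}

# Response headers whose removal weakens browser defenses (lower-cased).
SECURITY_HEADERS = {
    "content-security-policy",   # named in the article
    "x-frame-options",           # named in the article
    "x-xss-protection",          # named in the article
    "content-security-policy-report-only",
    "strict-transport-security",
}

BROAD_HOST_PATTERNS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def risky_permissions(manifest: dict) -> set[str]:
    """Return the high-risk permissions requested (required or optional)."""
    requested = set(manifest.get("permissions", []))
    requested |= set(manifest.get("optional_permissions", []))
    return requested & HIGH_RISK_PERMISSIONS


def broad_host_access(manifest: dict) -> list[str]:
    """Return host patterns that match every site (MV3 host_permissions,
    plus match patterns placed in MV2-style 'permissions')."""
    hosts = list(manifest.get("host_permissions", []))
    hosts += manifest.get("optional_host_permissions", [])
    hosts += [p for p in manifest.get("permissions", []) if "://" in p or p == "<all_urls>"]
    return [h for h in hosts if h in BROAD_HOST_PATTERNS]


def header_removal_rules(rules: list[dict]) -> list[tuple[int, str]]:
    """Return (rule id, header) for each modifyHeaders rule that removes a
    security header from responses."""
    hits: list[tuple[int, str]] = []
    for rule in rules:
        action = rule.get("action", {})
        if action.get("type") != "modifyHeaders":
            continue
        for entry in action.get("responseHeaders", []):
            name = entry.get("header", "").lower()
            if entry.get("operation") == "remove" and name in SECURITY_HEADERS:
                hits.append((rule.get("id"), name))
    return hits


def triage(manifest: dict, rules: list[dict]) -> dict:
    """Combine the three checks into one report; verdict is REVIEW if any fired."""
    report = {
        "risky_permissions": sorted(risky_permissions(manifest)),
        "broad_hosts": broad_host_access(manifest),
        "header_removals": header_removal_rules(rules),
    }
    report["verdict"] = "REVIEW" if any(report.values()) else "OK"
    return report


def triage_dir(ext_dir: Path) -> dict:
    """Load manifest.json and every static rule file it declares, then triage."""
    manifest = json.loads((ext_dir / "manifest.json").read_text())
    rules: list[dict] = []
    dnr = manifest.get("declarative_net_request", {})
    for resource in dnr.get("rule_resources", []):
        rules += json.loads((ext_dir / resource["path"]).read_text())
    return triage(manifest, rules)


# Constructed sample input for this example (not the real QuickLens files).
SAMPLE_MANIFEST = {
    "manifest_version": 3,
    "name": "example-lens",
    "version": "2.0.0",
    "permissions": ["storage", "declarativeNetRequestWithHostAccess", "webRequest"],
    "host_permissions": ["<all_urls>"],
    "declarative_net_request": {
        "rule_resources": [{"id": "rs1", "enabled": True, "path": "rules.json"}]
    },
}
SAMPLE_RULES = [
    {"id": 1, "priority": 1,
     "action": {"type": "modifyHeaders",
                "responseHeaders": [{"header": "Content-Security-Policy", "operation": "remove"},
                                    {"header": "X-Frame-Options", "operation": "remove"}]},
     "condition": {"urlFilter": "*", "resourceTypes": ["main_frame", "sub_frame"]}},
    {"id": 2, "priority": 1, "action": {"type": "block"},
     "condition": {"urlFilter": "||ads.example", "resourceTypes": ["script"]}},
]

if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_MANIFEST, SAMPLE_RULES), indent=2))
```

Run it against a real unpacked extension with `triage_dir(Path("/path/to/extension"))`; a REVIEW verdict is a prompt for manual inspection of the flagged rules and the code that uses the flagged permissions, since legitimate privacy or ad-blocking extensions also request some of them. The check only covers static rule files declared in the manifest; rules added at runtime through the dynamic or session rule APIs need a dynamic review.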
#chrome-extension-security #malware-delivery #cryptocurrency-theft #browser-security-headers #command-and-control-attacks
Read at TechRepublic