Monthly Archives: May 2019
Browser extensions are a staple of almost every user’s set up. Even in managed environments, users are often able to install extensions or ‘Add Ons’ without authorisation when these are sourced from trusted sources like Apple’s Safari Extensions Gallery and Google’s Chrome store. Of course, there’s nothing new about attackers exploiting the browser extension as a means to gaining a foothold in a target environment. The problem has been around for years: what is surprising is just how difficult it is to contain the problem. In this post, I take a look at the risks involved with what appears to be a harmless extension available for both Safari and Chrome. As we’ll find out, not everything appears as it seems.
Last month, researchers at Kaspersky reported on a Lazarus APT campaign targeting both macOS and Windows users involved in the financial sector, particularly those using cryptocurrency exchanges. The Lazarus group, also known as Hidden Cobra, have been operating since at least 2009 and were most notoriously blamed for the 2014 hack on Sony.