New Browser Extension Threat Can Impersonate Password Managers and Crypto Wallets
SquareX researchers expose polymorphic browser extensions that mimic legitimate tools, putting sensitive data and financial assets at risk.
- SquareX has identified a new class of malicious browser extensions capable of impersonating other extensions, including password managers and crypto wallets.
- These polymorphic extensions can replicate the appearance, icon, and user interface of legitimate extensions, tricking users into entering sensitive credentials.
- The attack relies on medium-risk permissions and abuses existing browser functionality, making it difficult to detect and impossible to patch.
- Victims are lured into installing these extensions under the guise of useful tools, such as AI applications, which initially perform as advertised before turning malicious.
- SquareX has recommended changes to browser security protocols, including alerts for extension icon changes, but warns that comprehensive solutions will require significant browser updates.