GlassWorm Returns: 24 Malicious Browser Extensions Found

This newsletter is AI generated and may hallucinate sometimes 😊

‘HashJack’ demo hides malicious instructions in URL

  • Cato Networks revealed "HashJack," a vulnerability that embeds malicious instructions in the URL fragment (the text after the "#").
  • The exploit targets AI-powered browsers, injecting prompts that the large language model unwittingly executes as commands.
  • Because the fragment is never sent to the server, the attack bypasses network security; Google's AI browser reportedly remains vulnerable despite patches by others.

Source: IT Brew | Date: December 02, 2025

ShadyPanda browser extensions amass 4.3M installs in malicious campaign

  • The ShadyPanda campaign's malicious Chrome and Edge browser extensions amassed over 4.3 million installs, performing fraud and hijacking.
  • The extensions steal browsing history, keystrokes, and cookies, and enable remote code execution via hourly JavaScript payloads.
  • Users must remove the extensions, reset passwords, and monitor updates; some are still available on the Microsoft Edge store.

Source: BleepingComputer | Date: December 01, 2025

GlassWorm Returns with 24 Malicious Browser Extensions

  • The GlassWorm campaign has resurfaced with 24 new malicious browser extensions impersonating legitimate developer tools, targeting developers to inject ads, steal credentials, and hijack accounts.
  • These extensions were available on official browser stores for Chrome and Edge, employing tactics like delaying malicious activity to evade detection and leveraging a supply chain attack vector.
  • Users are advised to scrutinize browser extensions, check developer reputations, and regularly review installed extensions for suspicious behavior to mitigate risks from such sophisticated campaigns.

Source: The Hacker News | Date: December 02, 2025
