Annex Security

80 posts

Annex Security

@secureannex

Discover what is hiding in your software extensions. Acquired by @SocketSecurity

Katılım Temmuz 2024

5 Takip Edilen282 Takipçiler

Annex Security@secureannex·28 Nis

Today we're announcing that @secureannex has been acquired by @SocketSecurity! Supply chain security is a deceptively wide problem from open source code to browser extensions. Developers and IT teams can't stop it from impacting their organization alone. secureannex.com/blog/annex-acq…

English

347

Annex Security retweetledi

@levelsio@levelsio·1 Nis

Chrome extensions are so incredibly unsafe Malware criminals find popular ones, pay the owners of the extension lots of money, they add malware to the code and millions of people get infected Then they take your cookies, localStorage, anything they can access Which is why in locked down advanced security devices you can't even install Chrome extensions I mostly run uBlock Origin, but have some others that I'll just vibecode now to stay safe

@levelsio@levelsio

I think I'll just vibe code all my Chrome extensions with Claude Code to avoid having to use any and being dependent on someone getting bribed to add malware to their extension It's not a question IF it happens, just WHEN

English

100

1.5K

241.6K

Annex Security retweetledi

Wes Bos@wesbos·1 Nis

HEADS UP. Popular JSON formatter extension has started injecting geolocation tracking and donation UI into websites Reddit thread seems to think they are also swapping tracking IDs for affiliates (a-la honey) Uninstall and switch to another one

English

222

1.8K

324.4K

Annex Security retweetledi

Cole Tenold@coletenold·1 Nis

@wesbos "Mom, how did we get so rich?" "Your dad created an open source chrome extension then rug pulled everyone and injected malicious code, sold everyone's data and received affiliate money for every purchase they made online"

English

1.4K

Annex Security@secureannex·13 Mar

That extension that looks fine? Attackers use this one simple trick to slip malware into your marchine.

tuckner@tuckner

Code extensions can declare an 'extensionPack' in their package.json to install other 'supporting' extensions. I detected a suspicious Python extension published today that installs another extension called my-command-pallete which was published 2 days ago.

English

173

Annex Security retweetledi

tuckner@tuckner·27 Şub

A Chrome extension with 7,000 users and a Google Featured badge was recently sold, weaponized, and pushed a malicious update to that executed code through a hidden pixel. Here's how it worked 👇

English

359

37.7K

Annex Security retweetledi

tuckner@tuckner·24 Şub

🧨 New CrashFix techniques found in browser extensions. "Pixel Shield" — a fully functional ad blocker (4.7 stars, 561 users) because it is a uBlock Origin clone. Hidden inside: a "Promise Bomb" that creates 10 MILLION unresolvable promises to crash your browser on command.

English

13.1K

Annex Security retweetledi

tuckner@tuckner·11 Şub

This report contains 287 browser extensions tracking 37 million+ users. These were identified using methodology of sandboxing extensions, automatically browsing to URLs, and measuring a data ratio transferred. Real companies, fake services, well established, it's a mixed bag.

English

182

50K

Annex Security retweetledi

tuckner@tuckner·29 Oca

The next supply chain worm has been seeded in Open VSX. A cloned Angular extension with 5000 downloads has been available for two weeks and was updated with malware 6 days ago. This multi stage attack uses etherhiding, gcal c2, rust implants, and more. annex.security/blog/worms-lur…

English

10.3K

Annex Security retweetledi

Andrew Northern 𓅓@ex_raritas·28 Oca

Needless to say. If you aren’t using secureannex.com wyd????

Andrew Northern 𓅓@ex_raritas

. @tuckner has (rightfully) made me so paranoid about chrome extensions.

English

513

Annex Security@secureannex·22 Oca

RT @tuckner: Great work by the Obsidian Security team exfiltrating ChatGPT API keys to Telegram. I heard there's more to come! https://t.c…

English

138

Annex Security@secureannex·17 Oca

Think browser extensions are just PUPs? Here are the real impacts.

Huntress@HuntressLabs

Fake browser crash → fake extension → real RAT. KongTuke's “CrashFix” tricks users into installing a malicious Chrome extension. Domain-joined victims hit with ModeloRAT—a Python backdoor with persistence and C2. @RussianPanda9xx @wbmmfq @Curity4201 - okt.to/lXj0zP

English

152

Annex Security retweetledi

Tanner@wbmmfq·17 Oca

I also used @secureannex and @IceSolst's @CRXaminer when I was analyzing it originally. Both very helpful tools! app.secureannex.com/extensions/sea… crxaminer.tech/scan/cpcdkmjdd…

English

576

Annex Security retweetledi

tuckner@tuckner·29 Ara

A browser extension with over a million users is poaching the prompts of leading AI chat tools. SimilarWeb loads obfuscated remote configuration to collect the prompts, responses and metadata of your conversations. Your private thoughts are analytics companies gain. secureannex.com/blog/prompt-po…

English

Annex Security retweetledi

Trust Wallet@TrustWallet·26 Ara

We’ve identified a security incident affecting Trust Wallet Browser Extension version 2.68 only. Users with Browser Extension 2.68 should disable and upgrade to 2.69. Please refer to the official Chrome Webstore link here: chrome.google.com/webstore/detai… Please note: Mobile-only users and all other browser extension versions are not impacted. We understand how concerning this is and our team is actively working on the issue. We’ll keep sharing updates as soon as possible.

English

810

883

2.9M

Annex Security retweetledi

BleepingComputer@BleepinComputer·2 Ara

Glassworm malware returns in third wave of malicious VS Code packages - @billtoulas bleepingcomputer.com/news/security/… bleepingcomputer.com/news/security/…

English

10.1K

Annex Security retweetledi

Florian Roth ⚡️@cyb3rops·1 Ara

Glassworm's resurgence | by @secureannex @tuckner "we've identified and tracked an unprecedented 23 extensions which copy other popular extensions, update after publishing with malware, manipulate download counts, and use KNOWN attack signatures which have been in use for months" secureannex.com/blog/glassworm…

English

6.2K

Annex Security retweetledi

tuckner@tuckner·1 Ara

Glassworm returned in a big way during the holiday. We're tracking 23 code extensions across the VS Marketplace and Open VSX which copy popular extensions, evade filters, manipulate their download counts, and then update with sinister malware. secureannex.com/blog/glassworm…

English

2.3K

Annex Security retweetledi

tuckner@tuckner·17 Kas

The extension was approved, now what? Are you going back tomorrow to see if it changed? You know they auto update instantly right? Rolling out to Secure Annex - code change alerts. This takes comparison of the code from the previous version along with additional context to understand how the code in an extension is changing over time.

English

Annex Security retweetledi

tuckner@tuckner·14 Kas

A brand new unlisted extension with 100,000 users? 41 ratings? Must be really valuable. Nope - completely manipulated stats and it doesn't even contain real code. It exists only to collect your searches and earn Bing Rewards.

English

177

14.1K

Keşfet

@SocketSecurity @wesbos @tuckner @IceSolst @CRXaminer @billtoulas @elonmusk @BarackObama