Malicious Browser Extensions: A Threat Modeling & Mitigation Playbook

#1725568: Malicious Browser Extensions: A Threat Modeling & Mitigation Playbook - March 11th

Description:	Attackers are doubling down on malicious browser extensions as their method of choice. Recent campaigns like ShadyPanda, ZoomStealer, GhostPoster, and the breaches impacting vendors like Cyberhaven and Trust Wallet, all highlight the threat posed by malicious extensions. Most malicious extensions didn’t start that way. Attackers take over legitimate extensions and push malicious updates that steal data, intercept cookies and tokens, log keystrokes, and more. They bide their time for maximum impact, pulling the trigger at the right moment to infect millions of browsers at once. But security safeguards implemented at the extension store level aren’t catching malicious updates. Attackers are using dynamically compiled, stealthily smuggled code that can’t be reliably spotted through static code checks or sandbox analysis. Thankfully, with the right tools and approach, organizations can take practical steps to bring the risk posed by malicious extension attacks to virtually zero. Join Push Security Field CTO Mark Orlando on the 11th March for a teardown of malicious browser extension functionality. You’ll learn: How attackers are using extensions to steal data from millions of browsers Why malicious extensions can still be distributed via legitimate channels How to spot what makes an extension malicious or high-risk The operational pitfalls to watch out for when managing extensions Our step-by-step approach to securing browser extension use in your organization Can't make it live? Register anyway and get a copy of the recording sent to your inbox.
More info:	https://pushsecurity.com/webinar/browser-extension-attacks?utm_source=bleepingcomputer&utm_medium=sponsored-content&utm_term=ad

Description:

Attackers are doubling down on malicious browser extensions as their method of choice. Recent campaigns like ShadyPanda, ZoomStealer, GhostPoster, and the breaches impacting vendors like Cyberhaven and Trust Wallet, all highlight the threat posed by malicious extensions.

Most malicious extensions didn’t start that way. Attackers take over legitimate extensions and push malicious updates that steal data, intercept cookies and tokens, log keystrokes, and more. They bide their time for maximum impact, pulling the trigger at the right moment to infect millions of browsers at once.

But security safeguards implemented at the extension store level aren’t catching malicious updates. Attackers are using dynamically compiled, stealthily smuggled code that can’t be reliably spotted through static code checks or sandbox analysis.

Thankfully, with the right tools and approach, organizations can take practical steps to bring the risk posed by malicious extension attacks to virtually zero.

Join Push Security Field CTO Mark Orlando on the 11th March for a teardown of malicious browser extension functionality. You’ll learn:

How attackers are using extensions to steal data from millions of browsers
Why malicious extensions can still be distributed via legitimate channels
How to spot what makes an extension malicious or high-risk
The operational pitfalls to watch out for when managing extensions
Our step-by-step approach to securing browser extension use in your organization
Can't make it live? Register anyway and get a copy of the recording sent to your inbox.

More info:

https://pushsecurity.com/webinar/browser-extension-attacks?utm_source=bleepingcomputer&utm_medium=sponsored-content&utm_term=ad

Date added	Feb. 24, 2026, 12:59 p.m.
Source	pushsecurity
Subjects	PodCasts / Webcast / Webinar / eSummit / Virtual Event etc. ShadyPanda Cybercriminal Group
Venue	March 11, 2026, midnight - March 11, 2026, midnight