Cyber-Espionage Group Uses Chrome Extension To Infect Victims

In what appears to be a first on the cyber-espionage scene, a nation-state-backed hacking group has used a Google Chrome extension to infect victims and steal passwords and cookies from their browsers. From a report: This is the first time an APT (Advanced Persistent Threat -- an industry term for nation-state hacking groups) has been seen (ab)using a Chrome extension, albeit it's not the first time one has used a browser extension, as the Russian-linked Turla APT previously used a Firefox add-on in 2015. According to a report that's going to be published later today by the ASERT team at Netscout reveals the details of a spear-phishing campaign that's been pushing a malicious Chrome extension since at least May 2018.

Hackers used spear-phishing emails to lure victims on websites copied from legitimate academic organizations. These phishing sites, now down, showed a benign PDF document but prevented users from viewing it, redirecting victims to the official Chrome Web Store page to install a (now removed) Chrome extension named Auto Font Manager.

When a product

[AHuxley]

is made totally safe for ads then malware just has to look like an approved service :)
Good security cant keep allowing approved ads in and still keep a user safe.

When building a great new OS, browser keep security in mind, not how to keep access for ads.

Comment removed

[account_deleted]

Comment removed based on user account deletion

For those too lazy to RTFA

[helpfulcorn]

The extension is "Auto Font Manager", a ridiculously stupid extension that I imagine if you are reading /., you don't have, because it was essentially always installed as a part of a scam. So don't freak out or anything, it's not any of the actually important extensions.