In a recent phishing campaign, fraudsters used a legitimate browser extension tool called SingleFile to obfuscate their attacks and remain undetected.
Security researchers observed the Razy Trojan installing malicious extensions across multiple web browsers to steal cryptocurrency.
Cybercriminals altered Texthelp's Browsealoud web screen reader to install a cryptocurrency miner on many high-profile websites, including government sites in the U.S. and U.K.
The beta version of Opera 50 is the first major browser to offer a built-in mechanism that blocks cryptojacking, a new form of malware that leverages a victim's CPU to mine cryptocurrency.
The WoT privacy breach highlights the commonplace nature of third-party data selling and frequent failure to read the fine print in user agreements.
Two researchers recently described how Firefox extensions can be leveraged for malicious purposes without triggering Mozilla security warnings.
Subpar APIs in one of AVG's Chrome extensions could wind up exposing user browsing history or even turn the extension into a vessel for malware.