Palo Alto, USA, 30th January 2025, CyberNewsWire

**Palo Alto, USA, January 30th, 2025, CyberNewsWire**

SquareX discloses a new attack technique that shows how malicious extensions can be used to completely hijack the browser, and eventually, the whole device.

**PALO ALTO, Calif., Jan. 30, 2025** — Browser extensions have been under the spotlight in enterprise security news recently due to the wave of OAuth attacks on Chrome extension developers and data exfiltration attacks. However, until now, due to the limitations browser vendors place on the extension subsystem and extensions, it was thought to be impossible for extensions to gain full control of the browser, much less the device.

SquareX researchers Dakshitaa Babu, Arpit Gupta, Sunkugari Tejeswara Reddy and Pankaj Sharma debunked this belief by demonstrating how attackers can use malicious extensions to escalate privileges to conduct a full browser and device takeover, all with minimal user interaction. Critically, the malicious extension only requires read/write capabilities present in the majority of browser extensions on the Chrome Store, including common productivity tools like Grammarly, Calendly and Loom, desensitizing users from granting these permissions. This revelation suggests that virtually any browser extension could potentially serve as an attack vector if created or taken over by an attacker. To the best of our understanding, extensions submitted to the Chrome Store requesting these capabilities are not put through additional security scrutiny at the time of this writing.

The browser syncjacking attack can be broken up into three parts: how the extension silently adds a profile managed by the attacker, hijacks the browser and eventually gains full control of the device.

**Profile Hijacking**

The attack begins with an employee installing any browser extension – this could involve publishing one that masquerades as an AI tool or taking over existing popular extensions that may have up to millions of installations in aggregate. The extension then “silently” authenticates the victim into a Chrome profile managed by the attacker’s Google Workspace. This is all done in an automated manner in a background window, making the whole process almost imperceptible to the victim. Once this authentication occurs, the attacker has full control over the newly managed profile in the victim’s browser, allowing them to push automated policies such as disabling safe browsing and other security features.

Using a very clever social engineering attack that exploits trusted domains, the adversary can then further escalate the profile hijacking attack to steal passwords from the victim’s browser. For example, the malicious extension can open and modify Google’s official support page on how to sync user accounts to prompt the victim to perform the sync with just a few clicks. Once the profile is synced, attackers have full access to all credentials and browsing history stored locally. As this attack only leverages legitimate sites and has no visible sign that it has been modified by the extension, it will not trigger any alarm bells in any security solutions monitoring the network traffic.

**Browser Takeover**

To achieve a full browser takeover, the attacker essentially needs to convert the victim’s Chrome browser into a managed browser. The same extension monitors and intercepts a legitimate download, such as a Zoom update, and replaces it with the attacker’s executable, which contains an enrollment token and registry entry to turn the victim’s Chrome browser into a managed browser. Thinking that they downloaded a Zoom updater, the victim executes the file, which ends up installing a registry entry that instructs the browser to become managed by the attacker’s Google Workspace. This allows the attacker to gain full control over the victim’s browser to disable security features, install additional malicious extensions, exfiltrate data and even silently redirect users to phishing sites. This attack is extremely potent as there is no visual difference between a managed and unmanaged browser. For a regular user, there is no telltale sign that a privilege escalation has occurred unless the victim is highly security aware and goes out of their way to regularly inspect their browser settings and look for associations with an unfamiliar Google Workspace account.

**Device Hijacking**

With the same downloaded file above, the attacker can additionally insert registry entries required for the malicious extension to message native apps. This allows the extension to directly interact with local apps without further authentication. Once the connection is established, attackers can use the extension in conjunction with the local shell and other available native applications to secretly turn on the device camera, capture audio, record screens and install malicious software – essentially providing full access to all applications and confidential data on the device.

The browser syncjacking attack exposes a fundamental flaw in the way remote-managed profiles and browsers are managed. Today, anyone can create a managed workspace account tied to a new domain and a browser extension without any form of identity verification, making it impossible to attribute these attacks. Unfortunately, most enterprises currently have zero visibility into the browser – most do not have managed browsers or profiles, nor any visibility to the extensions employees are installing often based on trending tools and social media recommendations.

What makes this attack particularly dangerous is that it operates with minimal permissions and nearly no user interaction, requiring only a subtle social engineering step using trusted websites – making it almost impossible for employees to detect. While recent incidents like the Cyberhaven breach have already compromised hundreds, if not thousands of organizations, those attacks required relatively complex social engineering to operate. The devastatingly subtle nature of this attack – with an extremely low threshold of user interaction – not only makes this attack extremely potent, but also sheds light on the terrifying possibility that adversaries are already using this technique to compromise enterprises today.

Unless an organization chooses to completely block browser extensions via managed browsers, the browser syncjacking attack will completely bypass existing blacklists and permissions-based policies. SquareX’s founder Vivek Ramachandran says “This research exposes a critical blind spot in enterprise security. Traditional security tools simply can’t see or stop these sophisticated browser-based attacks. What makes this discovery particularly alarming is how it weaponizes seemingly innocent browser extensions into complete device takeover tools, all while flying under the radar of conventional security measures like EDRs and SASE/SSE Secure Web Gateways. A Browser Detection-Response solution isn’t just an option anymore – it’s a necessity. Without visibility and control at the browser level, organizations are essentially leaving their front door wide open to attackers. This attack technique demonstrates why security needs to ‘shift up’ to where the threats are actually happening: in the browser itself.”

SquareX has been conducting pioneering security research on browser extensions, including the DEF CON 32 talk Sneaky Extensions: The MV3 Escape Artists that revealed multiple MV3 compliant malicious extensions. This research team was also the first to discover and disclose the OAuth attack on Chrome extension developers one week before the Cyberhaven breach. SquareX was also responsible for the discovery of Last Mile Reassembly attacks, a new class of client-side attacks that exploits architectural flaws and completely bypasses all Secure Web Gateway solutions. Based on this research, SquareX’s industry-first Browser Detection and Response solution protects enterprises against advanced extension-based attacks including device hijacking attempts by conducting dynamic analysis on all browser extension activity at runtime, providing a risk score to all active extensions across the enterprise and further identifying any attacks that they may be vulnerable to.

For more information about the browser syncjacking attack, additional findings from this research are available at **sqrx.com/research**.

**About SquareX**

SquareX helps organizations detect, mitigate and threat-hunt client-side web attacks happening against their users in real time.

SquareX’s industry-first Browser Detection and Response (BDR) solution, takes an attack-focused approach to browser security, ensuring enterprise users are protected against advanced threats like malicious QR Codes, Browser-in-the-Browser phishing, macro-based malware and other web attacks encompassing malicious files, websites, scripts, and compromised networks.

Additionally, with SquareX, enterprises can provide contractors and remote workers with secure access to internal applications, enterprise SaaS, and convert the browsers on BYOD / unmanaged devices into trusted browsing sessions.

**Contact**

**Head of PR**  
**Junice Liew**  
**SquareX**  
**\[email protected\]**

SquareX Discloses “Browser Syncjacking” , a New Attack Technique that Provides Full Browser and Device Control, Putting Millions at Risk

**SquareX discloses a new attack technique that shows how malicious extensions can be used to completely hijack the browser, and eventually, the whole device.**

**PALO ALTO, Calif., Jan. 30, 2025** — Browser extensions have been under the spotlight in enterprise security news recently due to the wave of OAuth attacks on Chrome extension developers and data exfiltration attacks. However, until now, due to the limitations browser vendors place on the extension subsystem and extensions, it was thought to be impossible for extensions to gain full control of the browser, much less the device.

SquareX researchers Dakshitaa Babu, Arpit Gupta, Sunkugari Tejeswara Reddy and Pankaj Sharma debunked this belief by demonstrating how attackers can use malicious extensions to escalate privileges to conduct a full browser and device takeover, all with minimal user interaction. Critically, the malicious extension only requires read/write capabilities present in the majority of browser extensions on the Chrome Store, including common productivity tools like Grammarly, Calendly and Loom, desensitizing users from granting these permissions. This revelation suggests that virtually any browser extension could potentially serve as an attack vector if created or taken over by an attacker. To the best of our understanding, extensions submitted to the Chrome Store requesting these capabilities are not put through additional security scrutiny at the time of this writing.

The browser syncjacking attack can be broken up into three parts: how the extension silently adds a profile managed by the attacker, hijacks the browser and eventually gains full control of the device.

**Profile Hijacking**

The attack begins with an employee installing any browser extension – this could involve publishing one that masquerades as an AI tool or taking over existing popular extensions that may have up to millions of installations in aggregate. The extension then “silently” authenticates the victim into a Chrome profile managed by the attacker’s Google Workspace. This is all done in an automated manner in a background window, making the whole process almost imperceptible to the victim. Once this authentication occurs, the attacker has full control over the newly managed profile in the victim’s browser, allowing them to push automated policies such as disabling safe browsing and other security features.

Using a very clever social engineering attack that exploits trusted domains, the adversary can then further escalate the profile hijacking attack to steal passwords from the victim’s browser. For example, the malicious extension can open and modify Google’s official support page on how to sync user accounts to prompt the victim to perform the sync with just a few clicks. Once the profile is synced, attackers have full access to all credentials and browsing history stored locally. As this attack only leverages legitimate sites and has no visible sign that it has been modified by the extension, it will not trigger any alarm bells in any security solutions monitoring the network traffic.

**Browser Takeover**

To achieve a full browser takeover, the attacker essentially needs to convert the victim’s Chrome browser into a managed browser. The same extension monitors and intercepts a legitimate download, such as a Zoom update, and replaces it with the attacker’s executable, which contains an enrollment token and registry entry to turn the victim’s Chrome browser into a managed browser. Thinking that they downloaded a Zoom updater, the victim executes the file, which ends up installing a registry entry that instructs the browser to become managed by the attacker’s Google Workspace. This allows the attacker to gain full control over the victim’s browser to disable security features, install additional malicious extensions, exfiltrate data and even silently redirect users to phishing sites. This attack is extremely potent as there is no visual difference between a managed and unmanaged browser. For a regular user, there is no telltale sign that a privilege escalation has occurred unless the victim is highly security aware and goes out of their way to regularly inspect their browser settings and look for associations with an unfamiliar Google Workspace account.

**Device Hijacking**

With the same downloaded file above, the attacker can additionally insert registry entries required for the malicious extension to message native apps. This allows the extension to directly interact with local apps without further authentication. Once the connection is established, attackers can use the extension in conjunction with the local shell and other available native applications to secretly turn on the device camera, capture audio, record screens and install malicious software – essentially providing full access to all applications and confidential data on the device.

The browser syncjacking attack exposes a fundamental flaw in the way remote-managed profiles and browsers are managed. Today, anyone can create a managed workspace account tied to a new domain and a browser extension without any form of identity verification, making it impossible to attribute these attacks. Unfortunately, most enterprises currently have zero visibility into the browser – most do not have managed browsers or profiles, nor any visibility to the extensions employees are installing often based on trending tools and social media recommendations.

What makes this attack particularly dangerous is that it operates with minimal permissions and nearly no user interaction, requiring only a subtle social engineering step using trusted websites – making it almost impossible for employees to detect. While recent incidents like the Cyberhaven breach have already compromised hundreds, if not thousands of organizations, those attacks required relatively complex social engineering to operate. The devastatingly subtle nature of this attack – with an extremely low threshold of user interaction – not only makes this attack extremely potent, but also sheds light on the terrifying possibility that adversaries are already using this technique to compromise enterprises today.

Unless an organization chooses to completely block browser extensions via managed browsers, the browser syncjacking attack will completely bypass existing blacklists and permissions-based policies. SquareX’s founder Vivek Ramachandran says “This research exposes a critical blind spot in enterprise security. Traditional security tools simply can’t see or stop these sophisticated browser-based attacks. What makes this discovery particularly alarming is how it weaponizes seemingly innocent browser extensions into complete device takeover tools, all while flying under the radar of conventional security measures like EDRs and SASE/SSE Secure Web Gateways. A Browser Detection-Response solution isn’t just an option anymore – it’s a necessity. Without visibility and control at the browser level, organizations are essentially leaving their front door wide open to attackers. This attack technique demonstrates why security needs to ‘shift up’ to where the threats are actually happening: in the browser itself.”

SquareX has been conducting pioneering security research on browser extensions, including the DEF CON 32 talk Sneaky Extensions: The MV3 Escape Artists that revealed multiple MV3 compliant malicious extensions. This research team was also the first to discover and disclose the OAuth attack on Chrome extension developers one week before the Cyberhaven breach. SquareX was also responsible for the discovery of Last Mile Reassembly attacks, a new class of client-side attacks that exploits architectural flaws and completely bypasses all Secure Web Gateway solutions. Based on this research, SquareX’s industry-first Browser Detection and Response solution protects enterprises against advanced extension-based attacks including device hijacking attempts by conducting dynamic analysis on all browser extension activity at runtime, providing a risk score to all active extensions across the enterprise and further identifying any attacks that they may be vulnerable to.

For more information about the browser syncjacking attack, additional findings from this research are available at **sqrx.com/research**.

**About SquareX**

SquareX helps organizations detect, mitigate and threat-hunt client-side web attacks happening against their users in real time.

SquareX’s industry-first Browser Detection and Response (BDR) solution, takes an attack-focused approach to browser security, ensuring enterprise users are protected against advanced threats like malicious QR Codes, Browser-in-the-Browser phishing, macro-based malware and other web attacks encompassing malicious files, websites, scripts, and compromised networks.

Additionally, with SquareX, enterprises can provide contractors and remote workers with secure access to internal applications, enterprise SaaS, and convert the browsers on BYOD / unmanaged devices into trusted browsing sessions.

**Contact**

**Head of PR**  
**Junice Liew**  
**SquareX**  
**\[email protected\]**

SquareX Unveils “Browser Syncjacking” Attack Granting Full Browser and Device Control

The sudden rise of DeepSeek has raised questions of data origin, data destination, and the security of the new AI model.

The sudden rise of DeepSeek has raised concerns and questions, especially about the origin and destination of the training data, as well as the security of the data.

For those returning from a short holiday away from the news, DeepSeek is a new player on the Artificial Intelligence (AI) field. The Chinese startup has certainly taken the app stores by storm: In just a week after the launch it topped the charts as the most downloaded free app in the US. This caused an upset on the stock markets that cost nVidia and Oracle shareholders a lot of money.

DeepSeek has been called an open-source project, however this technically is not true because only the model’s outputs and certain aspects are publicly accessible. This makes it qualify as an open-weight model. Anyway, the important difference is that the underlying training data and code necessary for full reproduction of the models are not fully disclosed.

And it’s the data that pose a concern to many. OpenAI has accused DeepSeek of using its ChatGPT model to train DeepSeek’s AI chatbot, which triggered quite some memes. If only because OpenAI previously suffered accusations of using data that was not its own in order to train ChatGPT.

Authorities have started to ask questions as well. The Italian privacy regulator GPDP has asked DeepSeek to provide information about the data it processes in the chatbot, and its training data.  Because it sees a risk to the privacy of millions of Italian citizens, GDPD has demanded DeepSeek answers within 20 days questions about:

*   Which personal data is collected
*   The origin of the data
*   Purpose for the collection
*   Whether the data is stored on servers in China

According to the Italian press agency ANSA, DeepSeek disappeared on January 29, 2025 from Google and Apple’s app stores in Italy.

And if all that isn’t scary enough, researchers at Wiz have found a publicly accessible database belonging to DeepSeek.

> “This database contained a significant volume of chat history, backend data and sensitive information, including log streams, API Secrets, and operational details. “

The database was not just accessible and readable, it was also open to control and privilege escalation within the DeepSeek environment. No authentication was required, so anybody that stumbled over the database was able to run queries to retrieve sensitive logs and actual plaintext chat messages, and even to steal plaintext passwords and local files.

Needless to say, this oversight put DeepSeek and its users at risk.

We have said this before and we’ll probably have to repeat it numerous times, but the need for fast developments in this field is creating privacy risks that we have never seen before, simply because security is an afterthought for the developers. So, no matter which AI chatbot you prefer, always be mindful of the information you feed it: It may find its way to unexpected and undesirable places.

**We don’t just report on threats – we help safeguard your entire digital identity**

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.

 The DeepSeek controversy: Authorities ask where does the data come from and how safe is it? 

The addition of Solvo CSPM to CYE Hyver aims to address the need for multicloud vulnerability monitoring and risk assessment.

Source: Nicolas Menijes Crego via Alamy Stock Photo

NEWS BRIEF

CYE has acquired Solvo as part of its goal to expand the capabilities of its continuous exposure management platform. Terms of the acquisition were not disclosed.

The deal, announced on Wednesday, brings together two Israeli-based cybersecurity companies. CYE will combine Solvo's Cloud Security Posture Management (CSPM) and Cloud Infrastructure Entitlement Management (CIEM) offerings with its own Hyver platform. According to CYE founder and CEO Reuven Aronashvili, CYE will integrate Solvo's CSPM capabilities next quarter to boost its customers' ability to continuously assess and mitigate cyber-risks in multicloud and hybrid infrastructure environments.

Hyver, which provides visual views of an organization's security posture, is designed to prioritize risks, compare the cost of a breach with the cost of remediation, provide risk mitigation planning, measure cybersecurity maturity, and create remediation plans. It also integrates with various security tools and platforms, enabling the sharing of threat detection telemetry. Solvo CSPM provides continuous monitoring of cloud environments while also prioritizing risks, discovering misconfigurations and compliance risks, and visualizing cloud assets and network and identity and access management (IAM) configurations to determine risks.

The need to bring Solvo's CSPM capability to Hyver became apparent as customers were accelerating the migration of their systems and applications to the cloud, Aronashvili says.

"We needed some kind of native access to the cloud environment in order to address access level, encryption level, MFA connectivity, and so on," Aronashvili says. "All those elements that are covered today with different cloud providers and platforms out there are missing in a lot of the coverage today."

Solvo offers native integration with Amazon Web Services, Microsoft Azure, and Google Cloud, which Aronashvili said has become a critical requirement for CYE's Hyber.

"The multicloud aspect was very important to us," he says. "Now we're able to provide an organization with a very comprehensive and complete risk evaluation process that considers all the different aspects of cybersecurity."

Aronashvili founded CYE in 2012 after working as a cybersecurity specialist while serving in the Israel Defense Forces. CYE started out as a professional services company, but in 2021 it rolled out Hyver after receiving $100 million in funding from EQT, with participation from its initial investor, 83 North. In 2023, CYE acquired Baseline's vulnerability analysis platform from Cyberillium, which added automated attack route creation and prioritization to the Hyver platform.

**About the Author**

Contributing Writer

Jeffrey Schwartz is a journalist who has covered information security and all forms of business and enterprise IT, including client computing, data center and cloud infrastructure, and application development for more than 30 years. Jeff is a regular contributor to Channel Futures. Previously, he was editor-in-chief of Redmond magazine and contributed to its sister titles Redmond Channel Partner, Application Development Trends, and Virtualization Review. Earlier, he held editorial roles with CommunicationsWeek, InternetWeek, and VARBusiness. Jeff is based in the New York City suburb of Long Island.

Exposure Management Provider CYE Acquires Solvo

China-based DeepSeek has exploded in popularity, drawing greater scrutiny. Case in point: Security researchers found more than 1 million records, including user data and API keys, in an open database.

The Chinese generative artificial intelligence platform DeepSeek has had a meteoric rise this week, stoking rivalries and generating market pressure for United States–based AI companies, which in turn has invited scrutiny of the service. Amid the hype, researchers from the cloud security firm Wiz published findings on Wednesday that show that DeepSeek left one of its critical databases exposed on the internet, leaking system logs, user prompt submissions, and even users’ API authentication tokens—totaling more than 1 million records—to anyone who came across the database.

DeepSeek is a relatively new company and has been virtually unreachable to press and other organizations this week. In turn, the company did not immediately respond to WIRED’s request for comment about the exposure. The Wiz researchers say that they themselves were unsure about how to disclose their findings to the company and simply sent information about the discovery on Wednesday to every DeepSeek email address and LinkedIn profile they could find or guess. The researchers have yet to receive a reply, but within a half hour of their mass contact attempt, the database they found was locked down and became inaccessible to unauthorized users. It is unclear whether any malicious actors or authorized parties accessed or downloaded any of the data.

“The fact that mistakes happen is correct, but this is a dramatic mistake, because the effort level is very low and the access level that we got is very high,” Ami Luttwak, the CTO of Wiz tells WIRED. “I would say that it means that the service is not mature to be used with any sensitive data at all.”

Exposed databases that are accessible to anyone on the open internet are a long-standing problem that institutions and cloud providers have slowly worked to address. But the Wiz researchers note that the DeepSeek database they found was visible almost immediately with minimal scanning or probing.

“Usually when we find this kind of exposure, it’s in some neglected service that takes us hours to find—hours of scanning,” says Nir Ohfeld, the head of vulnerability research at Wiz. But this time, “here it was at the front door.” Ohfeld adds that the “technical difficulty of this vulnerability is the bare minimum.”

The researchers say that the trove they found appears to have been a type of open source database typically used for server analytics called a ClickHouse database. And the exposed information supported this, given that there were log files that contained the routes or paths users had taken through DeepSeek’s systems, the users’ prompts and other interactions with the service, and the API keys they had used to authenticate. The prompts the researchers saw were all in Chinese, but they note that it is possible the database also contained prompts in other languages. The researchers say they did the absolute minimum assessment needed to confirm their findings without unnecessarily compromising user privacy, but they speculate that it may even have been possible for a malicious actor to use such deep access to the database to move laterally into other DeepSeek systems and execute code in other parts of the company’s infrastructure.

“It's pretty shocking to build an AI model and leave the backdoor wide open from a security perspective,” says independent security researcher Jeremiah Fowler, who was not involved in the Wiz research but specializes in discovering exposed databases. “This type of operational data and the ability for anyone with an internet connection to access it and then manipulate it is a major risk to the organization and users.”

DeepSeek’s systems are seemingly designed to be very similar to OpenAI’s, the researchers told WIRED on Wednesday, perhaps to make it easier for new customers to transition to using DeepSeek without difficulty. The entire DeepSeek infrastructure appears to mimic OpenAI’s, they say, down to details like the format of the API keys.

The Wiz researchers say they don’t know if anyone else found the exposed database before they did, but it wouldn’t be surprising, given how simple it was to discover. Fowler, the independent researcher, also notes that the vulnerable database would have “definitely” been found quickly—if it wasn’t already—whether by other researchers or bad actors.

“I think this is a wake-up call for the wave of AI products and services we will see in the near future and how seriously they take cybersecurity,” he says.

DeepSeek has made a global impact over the past week, with millions of people flocking to the service and pushing it to the top of Apple’s and Google’s app stores. The resulting shock waves have wiped billions from the stock prices of US-based AI companies and spooked executives at firms across the country. On Wednesday, sources at OpenAI told the Financial Times that it was looking into DeepSeek’s alleged use of ChatGPT outputs to train its models.

At the same time, DeepSeek has increasingly drawn the attention of lawmakers and regulators around the world, who have started to ask questions about the company’s privacy policies, the impact of its censorship, and whether its Chinese ownership provides national security concerns.

Italy’s data protection regulator sent DeepSeek a series of questions asking about where it obtained its training data, if people’s personal information was included in this, and the firm’s legal grounding for using this information. As WIRED Italy reported, the DeepSeek app appeared to be unavailable to download within the country following the questions being sent.

DeepSeek’s Chinese connections also appear to be raising security concerns. At the end of last week, according to CNBC reporting, the US Navy issued an alert to its personnel warning them not to use DeepSeek’s services “in any capacity.” The email said Navy members of staff should not download, install, or use the model, and raised concerns of “potential security and ethical” issues.

However, despite the hype, the exposed data shows that almost all technologies relying on cloud-hosted databases can be vulnerable through simple security lapses. “AI is the new frontier in everything related to technology and cybersecurity,” Wiz’s Ohfeld says, “and still we see the same old vulnerabilities like databases left open on the internet.”

Exposed DeepSeek Database Revealed Chat Prompts and Internal Data

A team of security researchers from Georgia Institute of Technology and Ruhr University Bochum has demonstrated two new side-channel attacks targeting Apple silicon that could be exploited to leak sensitive information from web browsers like Safari and Google Chrome.
The attacks have been codenamed Data Speculation Attacks via Load Address Prediction on Apple Silicon (SLAP) and Breaking the

New SLAP & FLOP Attacks Expose Apple M-Series Chips to Speculative Execution Exploits

The now-fixed vulnerability involved a major travel services company that's integrated with dozens of airline websites worldwide.

Source: Ribkhan via Shutterstock

A vulnerability that exposed millions of airline customers to potential account takeovers has highlighted the significant risks organizations face from misconfigured OAuth authentication processes.

The vulnerability in this case involved a major provider of online travel services for hotels and car rentals. Many airlines have integrated this service into their websites, allowing customers to use their airline points to book not just flights, but also hotels and rental cars in one seamless process.

**OAuth Implementation Flaw**

Researchers at Salt Security, hunting for real-world examples of API supply chain attacks, stumbled upon a vulnerability in the travel company's process for authenticating users looking to access its services after making an initial airline booking. The flaw, which the travel services company has since fixed, basically gave attackers a way to redirect a user's OAuth credentials to a server of their choice.

The credentials would have allowed the attackers to obtain a valid session token from an airline's website and use it to log into the travel company's systems as the victim and book hotels and car rentals using airline loyalty points.

The discovered vulnerability enabled attackers to hijack victim accounts with a single click, Salt Security researcher Amit Elbirt wrote in a blog post this week, without revealing the identity of the travel services company.

While the takeover would have happened within the travel provider's service, it would have given an attacker full access to a victim's stored information on the airline company's site, including personally identifying information, mileage, and rewards data. "This critical risk highlights the vulnerabilities in third-party integrations and the importance of stringent security protocols to protect users from unauthorized account access and manipulation," Elbirt wrote.

OAuth (Open Authentication) is a security protocol that allows users to grant websites or applications access to their information on other sites without sharing their passwords. A familiar example is logging into a website using Google or Facebook (by clicking "Sign in with Google" or "Login with Facebook" links). In the case of the travel services company, OAuth enabled users to login to the company's site using their airline credentials.

As Salt Security explains it, when a user clicks on the login button to access the travel company's site, they are automatically redirected to the requisite airline company's login page for authentication. Once complete, the airline site sends an authorization code back to the travel company site, which initiates a process whereby the travel site receives an access token. The travel site then uses the token to request user data from the airline site.

**A Failure to Verify**

What Salt Security discovered was a weakness in the travel company's authentication flow that gave them a way to redirect the equivalent of a user's login credentials to their own server. "The specific issue here is that the travel company did not correctly verify that the sensitive authentication credentials were sent to a valid domain," says Yaniv Balmas, vice president of research at Salt Security. "By manipulating this flaw, we could force the travel company to send these credentials to us instead of the airline company, thus allowing us — or or a malicious actor abusing this — to take over the airline user account and perform any actions on their behalf."

To exploit the flaw, an attacker would have sent a malicious link, which would appear to be a valid airline link, via email or text message to users of airline sites integrated with the travel service provider. According to Salt Security, once a user clicks the link and successfully authenticates to an official airline service, the attacker gains full access to the user’s account within the travel system. "From the victim's perspective, it would be almost impossible to understand the link is malicious since it genuinely belongs to the airline, and there is no easy way to understand its malicious nature without an expert-level understanding of OAuth and authentication flows," he says.

**Common Issue**

The vulnerability with the unnamed travel company is more common that one might assume, Balmas says. In 2023, for instance, Salt Security discovered a similar vulnerability in Booking.com's OAuth implementation process that gave attackers a way to take over user accounts when using their Facebook accounts to log into the hotel reservation site. Another time, researchers from the company found OAuth implementation flaws involving Grammarly, Vidio, and Indonesian e-commerce site Bukalapak that gave attackers potential access to hundreds of millions of user accounts across multiple websites.

"The biggest issue here is that from the airline's perspective, there is absolutely no visibility in case an attack occurs, and in fact, an attack request will look completely identical to a legitimate one," Balmas notes. "This basically means that the third party — the travel company in this case—is the one responsible for the security and safety of its customer users." Often, he adds, there's no certainty that a third party will hold to the same security standards as its customer.

**About the Author**

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics, including big data, Hadoop, Internet of Things, e-voting, and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, Ill.

OAuth Flaw Exposed Millions of Airline Users to Account Takeovers

### Impact
The [ContextLines integration](https://docs.sentry.io/platforms/javascript/guides/node/configuration/integrations/contextlines/) uses readable streams to more efficiently use memory when reading files. The ContextLines integration is used to attach source context to outgoing events.

The stream was not explicitly closed after use. This could lead to excessive amounts of file handles open on the system and potentially lead to a Denial of Service (DoS).

The ContextLines integration is enabled by default in the Node SDK (`@sentry/node`) and SDKs that run in Node.js environments (`@sentry/astro`, `@sentry/aws-serverless`, `@sentry/bun`, `@sentry/google-cloud-serverless`, `@sentry/nestjs`, `@sentry/nextjs`, `@sentry/nuxt`, `@sentry/remix`, `@sentry/solidstart`, `@sentry/sveltekit`).

### Patches

Users should upgrade to version `8.49.0` or higher.

### Workarounds

To remediate this issue in affected versions without upgrading to version `8.49.0` and above you can disable the ContextLines integration. See the [docs](https://docs.sentry.io/platforms/javascript/guides/node/configuration/integrations/#removing-a-default-integration) for more details.

```js
Sentry.init({
  // ...
  integrations: function (integrations) {
    // integrations will be all default integrations
    return integrations.filter(function (integration) {
      return integration.name !== "ContextLines";
    });
  },
});
```

If you disable the ContextLines integration, you will lose source context on your error events.

### References
- Reported issue: https://github.com/getsentry/sentry-javascript/issues/14892
- PR Fix: https://github.com/getsentry/sentry-javascript/pull/14997


**Package**

npm @sentry/astro (npm)

**Affected versions**

\>= 8.10.0, < 8.49.0

npm @sentry/aws-serverless (npm)

npm @sentry/google-cloud-serverless (npm)

npm @sentry/solidstart (npm)

npm @sentry/sveltekit (npm)

**Impact**

The ContextLines integration uses readable streams to more efficiently use memory when reading files. The ContextLines integration is used to attach source context to outgoing events.

The stream was not explicitly closed after use. This could lead to excessive amounts of file handles open on the system and potentially lead to a Denial of Service (DoS).

The ContextLines integration is enabled by default in the Node SDK (@sentry/node) and SDKs that run in Node.js environments (@sentry/astro, @sentry/aws-serverless, @sentry/bun, @sentry/google-cloud-serverless, @sentry/nestjs, @sentry/nextjs, @sentry/nuxt, @sentry/remix, @sentry/solidstart, @sentry/sveltekit).

**Patches**

Users should upgrade to version 8.49.0 or higher.

**Workarounds**

To remediate this issue in affected versions without upgrading to version 8.49.0 and above you can disable the ContextLines integration. See the docs for more details.

Sentry.init({
  // ...
  integrations: function (integrations) {
    // integrations will be all default integrations
    return integrations.filter(function (integration) {
      return integration.name !== "ContextLines";
    });
  },
});

If you disable the ContextLines integration, you will lose source context on your error events.

**References**

*   Reported issue: getsentry/sentry-javascript#14892
*   PR Fix: getsentry/sentry-javascript#14997

**References**

*   GHSA-r5w7-f542-q2j4
*   getsentry/sentry-javascript#14892
*   getsentry/sentry-javascript#14997

Published to the GitHub Advisory Database

Jan 28, 2025

Last updated

Jan 28, 2025

GHSA-r5w7-f542-q2j4: Potential DoS when using ContextLines integration

McAfee Labs uncovers malicious GitHub repositories distributing Lumma Stealer malware disguised as game hacks and cracked software. Learn…

McAfee Labs uncovers malicious GitHub repositories distributing Lumma Stealer malware disguised as game hacks and cracked software. Learn how to protect yourself.

McAfee Labs, the threat research arm of cybersecurity giant McAfee, has recently uncovered a disturbing trend: the exploitation of popular platforms like GitHub to distribute malware. Their research reveals a network of malicious repositories offering seemingly legitimate content such as game hacks, cracked software, and free cryptocurrency tools, all designed to lure unsuspecting users into downloading and executing harmful code.

These repositories, often disguised with professional-looking features like distribution licenses and screenshots, leverage the trust and accessibility of GitHub to deceive users. Attackers strategically target individuals seeking an edge in popular games like Minecraft, Roblox, and Call of Duty, or those looking for free access to premium software like Spotify and Adobe Express.

Attack vector (Via McAfee)

The Lumma Stealer is the primary type of malware being distributed through these repositories. Promises of game hacks, cracked software, or free cryptocurrency tools lure users. Once on the repository, they are instructed to download and execute a file disguised as the promised software.

The downloaded file is typically a variant of the Lumma Stealer malware, which then collects sensitive information, including login credentials, cryptocurrency wallet information, browser history, cookies, and personally identifiable information, and extracts the stolen data to command-and-control servers controlled by the attackers.

“Every week, a new set of repositories with a new malware variant is released, as the older repositories are detected and removed by GitHub. These repositories also include distribution licenses and software screenshots to enhance their appearance of legitimacy,” McAfee’s Aayush Tyagi explained in a blog post.

To further lure users, these repositories often instruct victims to disable their antivirus software, claiming it will interfere with the downloaded program. This crucial step effectively disarms the user’s primary line of defence, allowing the malware to operate undetected and steal sensitive information such as login credentials, cryptocurrency wallet data, and browsing history.

Children and young adults, particularly avid gamers, are prime targets for these attacks. The allure of game hacks, offering advantages like aimbots and speed hacks, and that the package includes an advanced Anti-Ban system to prevent account suspension, are highly appealing, making them more susceptible to falling victim to these deceptive tactics.

Google search shows the malicious GitHub repository and a YouTube video where scammers are using descriptions to spread the repository (Via McAfee)

****McAfee’s Response and Recommendations:****

McAfee Labs is actively mitigating this threat by blocking malicious URLs, detecting and blocking downloaded malware, and providing comprehensive security solutions to protect users. The company recommends enhancing your security posture, such as keeping antivirus and anti-malware software up-to-date and practising cautious online behaviour. Regular system updates with the latest security patches are also crucial.

1.  **Fake League of Legends Download Ads Spread Lumma Stealer**
2.  **Banshee Stealer Hits macOS Users via Fake GitHub Repositories**
3.  **Hackers Use Excel Files to Drop Remcos RAT Variant on Windows**
4.  **Fake OnlyFans Checker Tool Infects Hackers with Lummac Stealer**
5.  **YouTube Channels Hacked, Drop Lumma Stealer via Cracked Software**

Lumma Stealer Found in Fake Crypto Tools and Game Mods on GitHub

Malware writing is only one of several malicious activities for which the new, uncensored generative AI chatbot can be used.

Source: Owlie Productions via Shutterstock

A recently debuted AI chatbot dubbed GhostGPT has given aspiring and active cybercriminals a handy new tool for developing malware, carrying out business email compromise scams, and executing other illegal activities.

Like previous, similar chatbots like WormGPT, GhostGPT is an uncensored AI model, meaning it is tuned to bypass the usual security measures and ethical constraints available with mainstream AI systems such as ChatGPT, Claude, Google Gemini, and Microsoft Copilot.

**GenAI With No Guardrails: Uncensored Behavior**

Bad actors can use GhostGPT to generate malicious code and to receive unfiltered responses to sensitive or harmful queries that traditional AI systems would typically block, Abnormal Security researchers said in a blog post this week.  

"GhostGPT is marketed for a range of malicious activities, including coding, malware creation, and exploit development," according to Abnormal. "It can also be used to write convincing emails for business email compromise (BEC) scams, making it a convenient tool for committing cybercrime." A test that the security vendor conducted of GhostGPT's text generation capabilities showed the AI model producing a very convincing Docusign phishing email, for example.

The security vendor first spotted GhostGPT for sale on a Telegram channel in mid-November. Since then, the rogue chatbot appears to have gained a lot of traction among cybercriminals, a researcher at Abnormal tells Dark Reading. The authors offer three pricing models for the large language model: $50 for one-week usage; $150 for one month and $300 for three months, says the researcher, who asked not to be named.

Related:Actively Exploited Fortinet Zero-Day Gives Attackers Super-Admin Privileges

For that price, users get an uncensored AI model that promises quick responses to queries and can be used without any jailbreak prompts. The author(s) of the malware also claim that GhostGPT doesn't maintain any user logs or record any user activity, making it a desirable tool for those who want to conceal their illegal activity, Abnormal said.

**Rogue Chatbots: An Emerging Cybercriminal Problem**

Rogue AI chatbots like GhostGPT present a new and growing problem for security organizations because of how they lower the barrier for cybercriminals. The tools allow anyone, including those with minimal to no coding skills, the ability to quickly generate malicious code by entering a few prompts. Significantly, they also allow individuals who already have some coding skills the ability to augment their capabilities and improve their malware and exploit code. They largely eliminate the need for anyone to spend time and effort trying to jailbreak GenAI models to try and get them to engage in harmful and malicious behavior.

Related:Change Healthcare Breach Impact Doubles to 190M People

WormGPT, for instance, surfaced in July 2023 — or about eight months after ChatGPT exploded on the scene — as one of the first so-called "evil" AI models created explicitly for malicious use. Since then, there have been a handful of others, including WolfGPT, EscapeGPT, and FraudGPT, that their developers have tried monetizing in cybercrime marketplaces. But most of them have failed to gather much traction because, among other things, they failed to live up to their promises or were just jailbroken versions of ChatGPT with added wrappers to make them appear as new, standalone AI tools. The security vendor assessed GhostGPT to likely also be using a wrapper to connect to a jailbroken version of ChatGPT or some other open source large language model.

"In many ways, GhostGPT is not massively different from other uncensored variants like WormGPT and EscapeGPT," the Abnromal researcher tells Dark Reading. "However, the specifics depend on which variant you're comparing it to."

For example, EscapeGPT relies on jailbreak prompts to bypass restrictions, while WormGPT was a fully customized large language model (LLM) designed for malicious purposes. "With GhostGPT, it’s unclear whether it is a custom LLM or a jailbroken version of an existing model, as the author has not disclosed this information. This lack of transparency makes it difficult to definitively compare GhostGPT to other variants."

Related:The Case for Proactive, Scalable Data Protection

The growing popularity of GhostGPT in underground circles also appear to have made its creator(s) more cautious. The author or the seller of the chatbot has deactivated many of the accounts they had created for promoting the tool and appears to have shifted to private sales, the researcher says. "Sales threads on various cybercrime forums have also been closed, further obscuring their identity, \[so\] as of now, we do not have definitive information about who is behind GhostGPT."

**About the Author**

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics, including big data, Hadoop, Internet of Things, e-voting, and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, Ill.

Tag

#google