A malicious Google Chrome extension named “ParaSiteSnatcher” has brought to light a highly sophisticated framework for extracting sensitive data by monitoring and manipulating browser activity. The extension uses the Chrome Browser API to intercept and extract information from POST requests, particularly those containing sensitive financial data, before an HTTP connection is even established.
Tailored to Latin American users, notably in Brazil, ParaSiteSnatcher targets financial institutions such as Banco do Brasil and Caixa Econômica Federal, seeking transactional data, Brazilian Tax IDs, and cookies linked to Microsoft accounts. Upon installation, the extension acquires extensive permissions within Chrome, allowing it to control web sessions, web requests, and user activity across multiple tabs through the Chrome tabs API. Using several components, including content scripts that inject malicious code into web pages and monitor browser tabs, ParaSiteSnatcher can intercept and manipulate user input and communications.
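
The permission set described above is something a defender can check for in an extension's `manifest.json` before allowing it. The following is an added example, not code from the extension or from the original analysis: the mapping from the described capabilities to the `webRequest`, `tabs` and `cookies` permissions and to broad host patterns is an assumption, and both sample manifests are constructed.

```javascript
// Added example: flags the manifest.json capabilities the article describes.
// The capability-to-permission mapping is an assumption, not taken from the sample.
const BROAD_HOSTS = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);
const RISKY_APIS = {
  webRequest: "can observe requests, including POST bodies, before they are sent",
  tabs: "can read URLs and titles of every open tab",
  cookies: "can read cookies for any host it has access to",
};

function auditManifest(manifest) {
  const perms = manifest.permissions || [];
  // Manifest V2 mixes host patterns into "permissions"; V3 uses "host_permissions".
  const hosts = [...perms, ...(manifest.host_permissions || [])]
    .filter((p) => p.includes("://") || p === "<all_urls>");
  const findings = [];
  for (const [api, why] of Object.entries(RISKY_APIS)) {
    if (perms.includes(api)) findings.push({ id: api, detail: why });
  }
  const broadHosts = hosts.filter((h) => BROAD_HOSTS.has(h));
  if (broadHosts.length) {
    findings.push({ id: "broad-hosts", detail: `host access: ${broadHosts.join(", ")}` });
  }
  for (const cs of manifest.content_scripts || []) {
    const broad = (cs.matches || []).filter((m) => BROAD_HOSTS.has(m));
    if (broad.length) {
      const files = (cs.js || []).join(", ");
      findings.push({ id: "broad-content-script", detail: `injects ${files} into ${broad.join(", ")}` });
    }
  }
  // The combination matters more than any single permission: request
  // visibility plus access to every site is what enables form-data capture.
  const ids = new Set(findings.map((f) => f.id));
  const high = ids.has("webRequest") && (ids.has("broad-hosts") || ids.has("broad-content-script"));
  return { risk: high ? "high" : findings.length ? "review" : "low", findings };
}

// Constructed sample manifests (not from the real extension).
const suspicious = {
  manifest_version: 3, name: "constructed-sample",
  permissions: ["webRequest", "tabs", "cookies", "storage"],
  host_permissions: ["<all_urls>"],
  content_scripts: [{ matches: ["*://*/*"], js: ["inject.js"] }],
};
const benign = { manifest_version: 3, name: "constructed-notes", permissions: ["storage"] };

console.log(auditManifest(suspicious));
console.log(auditManifest(benign));
```
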
While its primary focus is Google Chrome, the extension is adaptable to browsers that support the Chrome extension API, including newer versions of Chromium-based browsers such as Microsoft Edge, Brave, and Opera. It is potentially compatible with Firefox and Safari as well, though that might require changes to the browser namespace.