QuickLens Chrome extension steals crypto, shows ClickFix attack
Summary
The QuickLens Chrome extension was compromised and used to distribute malware, with the goal of stealing cryptocurrency from users. Google has since removed the malicious extension from its Web Store.
IFF Assessment
FOE
This is bad news for defenders: it highlights a new attack vector in which compromised browser extensions are used to steal sensitive user data and cryptocurrency.
Defender Context
Defenders should be aware of the increasing threat posed by compromised browser extensions, especially those that handle sensitive information like cryptocurrency. Users should be educated on the risks of installing extensions from untrusted sources and should be vigilant about the permissions that extensions request.