Malicious browser extension → cookie harvest → ATO
Publish a useful-looking extension (ad-blocker / PDF reader). It quietly reads cookies + localStorage from sensitive sites and ships them to the attacker.
§ Context
Assumed environment: attacker publishes a Chrome / Edge / Firefox extension to the official store with cookies + <all_urls> permission. The extension passes initial review (or attacker rotates after).
§ Steps
- 01 | Replay sessions against M365 / SSO | Initial Access | T1078: Valid Accounts
- 02 | Victims install (organic / ad) | Execution | T1204: User Execution
- 03 | Cookies + localStorage exfil | Credential Access | T1539: Steal Web Session Cookie
- 04 | Mailbox / SharePoint exfil | Collection | M365-EWS-EXFIL: Exchange Web Services (EWS) Exfil
- 05 | Publish to web store | Resource Development | T1583: Acquire Infrastructure
- 06 | Build benign-looking extension | Initial Access | BX-MALICIOUS-EXT: Malicious Browser Extension
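A defender-side check for the permission profile named under Context (the cookies API combined with <all_urls> host access), written as an added example that is not part of this dossier: it parses extension manifests from a browser profile and flags the combination that makes cross-site cookie and localStorage harvesting possible. The extension names, ids and manifests below are constructed samples.

```python
"""Audit Chrome / Edge extension manifests for the cookie-harvest permission
profile: "cookies" API plus broad host access (<all_urls> or wildcard hosts).
Added example; sample manifests are constructed, not real store listings."""
import json
from pathlib import Path

BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def broad_host_access(manifest: dict) -> bool:
    # MV2 keeps host patterns in "permissions"; MV3 moves them to "host_permissions".
    patterns = set(manifest.get("permissions", []))
    patterns |= set(manifest.get("host_permissions", []))
    patterns |= set(manifest.get("optional_host_permissions", []))
    return any(p in BROAD_HOSTS for p in patterns)


def risk_flags(manifest: dict) -> list:
    flags = []
    perms = set(manifest.get("permissions", [])) | set(manifest.get("optional_permissions", []))
    if "cookies" in perms:
        flags.append("cookies-api")
    if broad_host_access(manifest):
        flags.append("broad-host-access")
    # Only the combination allows reading session cookies for every origin.
    if "cookies-api" in flags and "broad-host-access" in flags:
        flags.append("HIGH: cookies + all-sites")
    # A content script matched on every site can read that origin's localStorage.
    for cs in manifest.get("content_scripts", []):
        if any(m in BROAD_HOSTS for m in cs.get("matches", [])):
            flags.append("content-script-all-sites")
            break
    return flags


def scan_extensions_dir(root: str) -> dict:
    """Walk a profile's Extensions/<id>/<version>/manifest.json tree (layout assumed)."""
    results = {}
    for manifest_path in Path(root).glob("*/*/manifest.json"):
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip, do not crash the audit
        results[manifest_path.parent.parent.name] = risk_flags(manifest)
    return results


# Constructed sample manifests (hypothetical extensions).
SAMPLE_ADBLOCKER_MV3 = {"manifest_version": 3, "name": "Ad Block Lite",
    "permissions": ["cookies", "storage", "tabs"], "host_permissions": ["<all_urls>"],
    "content_scripts": [{"matches": ["<all_urls>"], "js": ["cs.js"]}]}
SAMPLE_NOTES_MV2 = {"manifest_version": 2, "name": "Quick Notes",
    "permissions": ["storage", "https://notes.example/*"]}

if __name__ == "__main__":
    for name, m in (("adblock", SAMPLE_ADBLOCKER_MV3), ("notes", SAMPLE_NOTES_MV2)):
        print(name, risk_flags(m))
```

Point scan_extensions_dir at a profile's Extensions folder to triage every installed extension at once; anything carrying the HIGH flag deserves a manual look at what its background script does with chrome.cookies.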
§ References
- T1078: Valid Accounts
- T1204: User Execution
- T1539: Steal Web Session Cookie
- T1583: Acquire Infrastructure
§ Frequently asked
- What is the "Malicious browser extension → cookie harvest → ATO" attack path?
- Publish a useful-looking extension (ad-blocker / PDF reader). It quietly reads cookies + localStorage from sensitive sites and ships them to the attacker. It chains 6 steps drawn from real-world offensive-security techniques.
- What starting position does this attack require?
- The first step is Replay sessions against M365 / SSO (T1078), an initial access primitive. Assumed environment: attacker publishes a Chrome / Edge / Firefox extension to the official store with cookies + <all_urls> permission.
- What is the final impact of this kill-chain?
- The final step lands on Build benign-looking extension (BX-MALICIOUS-EXT), which falls under Initial Access. From here, an operator typically pivots into post-exploitation or maintains persistence.
- How can defenders detect or prevent this attack?
- Detection and prevention vary per step. Refer to each linked MITRE ATT&CK entry under "References" — every technique on that page lists defensive controls, detection telemetry, and known threat-actor usage.
§ Related dossiers
- FIDO2 caBLE hybrid → phone authenticator hijack (shared techniques: 3)
  Attacker phishing site shows the legitimate FIDO2 QR. Victim scans with their phone authenticator. The link completes the WebAuthn ceremony in the attacker's browser; they're now signed in as the victim.
- Output injection → admin XSS in support panel (shared techniques: 3)
  Customer chats with support LLM. Prompt injection makes the model emit a malicious markdown link / image; when an admin views the conversation in the support panel, JS / pixel-tracker fires.
- AITM phishing (Evilginx) → M365 session theft → mailbox exfil (shared techniques: 3)
  Reverse-proxy phishing kit intercepts the entire login flow including MFA. Stolen session cookie → access M365 mailbox / SharePoint without retriggering auth.
- Browser-in-the-Browser → credential theft on a trusted page (shared techniques: 3)
  Render a fake SSO popup inside the attacker page that looks like a real OS browser window. Victim types their credentials into the attacker's DOM.
- MFA fatigue / prompt-bombing → M365 admin compromise (shared techniques: 3)
  Attacker has the password (from breach / spray) but not MFA. Spam push approvals at 2 AM until the user taps yes out of habit; used in the Uber and 0ktapus breaches.
- Malicious MCP server → silent supply chain for agent tools (shared techniques: 2)
  User installs an MCP server marketed as a useful integration. Every subsequent agent session has the rogue server in scope; its tools log prompts, exfil files, or inject responses to bias the agent.