BX-EXT-UPDATE-TAKEOVERPersistence

Extension Update Channel Takeover

Compromised extension maintainer account; push a malicious version via auto-update — every existing install runs attacker code on next launch.

§ Where this technique fits

BX-EXT-UPDATE-TAKEOVER is catalogued under the Persistence tactic of the offensive-security kill-chain. It appears in 1 approved dossier in the registry, typically at step 3 on average.

§ Dossiers chaining this technique

Compromised extension auto-update → fleet compromise
Take over a popular extension's developer account (credential stuffing on the store, abandoned email domain). Push a malicious version — every existing install runs attacker code on next launch.
step 3 / 5

§ What commonly comes next

01
Valid Accounts
T1078 · Initial Access
seen 1×

§ Where this technique fits

§ Dossiers chaining this technique

Compromised extension auto-update → fleet compromise

§ What commonly comes next