BX-MALICIOUS-EXTInitial Access

Malicious Browser Extension

Publish or sideload an extension requesting <all_urls> + cookies + tabs perms — read every site the user visits, exfil cookies.

§ Where this technique fits

BX-MALICIOUS-EXT is catalogued under the Initial Access tactic of the offensive-security kill-chain. It appears in 1 approved dossier in the registry, typically at step 1 on average.

§ Dossiers chaining this technique

Malicious browser extension → cookie harvest → ATO
Publish a useful-looking extension (ad-blocker / PDF reader). It quietly reads cookies + localStorage from sensitive sites and ships them to the attacker.
step 1 / 6

§ What commonly comes next

01
Acquire Infrastructure
T1583 · Resource Development
seen 1×

§ Where this technique fits

§ Dossiers chaining this technique

Malicious browser extension → cookie harvest → ATO

§ What commonly comes next