securityonline.info 7/8/2026, 9:59:28 AM · external

Malicious Chrome Extension Tricks Italian Users with Fake Invoices

Malicious Chrome Extension Tricks Italian Users with Fake Invoices
CyberSIXT Evidence Panel
Primary Source d3lab.net

THE article reports on the detection of critical vulnerabilities today, including CVEs related to JoomShaper SP Page Builder and Adobe ColdFusion. It highlights a malicious Chrome extension campaign analyzed by D3Lab, which targeted Italian users through phishing emails masquerading as invoices, leading to a Native Messaging backdoor exploit. This backdoor allowed the malware to execute PowerShell commands and steal cookies and browsing data.

The delivery method involved obfuscated JavaScript files named to appear as PDFs. Detection strategies are suggested, emphasizing the monitoring of unexpected Chrome enterprise policy values and the need for comprehensive response beyond removing the extension.

View Primary Source Via securityonline.info

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline