Find notable cyber news and cases, enriched with sources, timelines, and signals.

QuickLens and ShotBird malicious Chrome extension update chain

Malware Activity
First reported
Last updated
Happening score
H score 34
1 unique sources, 1 articles

Summary

Hide ▲

The QuickLens and ShotBird Chrome extensions have become malicious after ownership transfer, turning trusted add-ons into a delivery path for code injection and data theft. Their payloads used C2-delivered JavaScript and a hidden browser execution path, while ShotBird also pushed a fake Chrome update lure that led Windows users to launch googleupdate.exe. The result is credential capture, browser-data siphoning, and host-level script execution on affected systems.

Related Happenings

Silent Swap browser-extension clipboard clipper

Malware Activity
H score36 First: 30.06.2026 18:40 Last: 30.06.2026 18:40 Sources 1

About this happening: The **Silent Swap** malware activity now **installs malicious Chromium extensions** that intercept copied wallet addresses and **reroute cryptocurrency transfers** to attacker-con...

Search for perplexity ai malicious Chrome extension

Malware Activity
H score29 First: 29.06.2026 21:40 Last: 29.06.2026 21:40 Sources 1

About this happening: A malicious **Chrome extension** named **Search for perplexity ai** impersonated **Perplexity AI** while **intercepting search traffic** and collecting **browsing information** th...

Dormant remote-controlled JavaScript injection path in Adblock for YouTube Chrome extension

Technical Analysis
H score23 First: 25.06.2026 17:12 Last: 25.06.2026 17:12 Sources 1

About this happening: A **Chrome extension** with **10 million+ installs** was found to carry a **dormant script-injection path**, raising the risk of **arbitrary JavaScript execution** across visited...

BrowserOS WebPromptTrap patch release (0.32.0)

Security Patch Release
H score11 First: 29.05.2026 21:07 Last: 29.05.2026 21:07 Sources 1

About this happening: **BrowserOS** patched **WebPromptTrap** in **version 0.32.0**, closing an indirect prompt-injection flaw that could trick users into approving an **authorization step** inside the...

Chromium JavaScript background RCE flaw

Vulnerability
H score16 First: 21.05.2026 21:13 Last: 21.05.2026 21:13 Sources 1

About this happening: The unfixed **Chromium** flaw keeps **JavaScript** running after the browser is closed, creating **remote code execution** risk across **Chromium-based browsers**. A malicious sit...

Timeline

  1. 09.03.2026 12:28 1 articles · 4mo ago

    QuickLens malicious update

    Technical Analysis Update

    QuickLens receives a malicious update that keeps the original functionality but strips security headers such as X-Frame-Options from HTTP responses, bypasses CSP, fingerprints the user environment, polls a C2 every five minutes, stores delivered JavaScript in browser local storage, and executes it at page load through a hidden 1×1 GIF <img> onload handler.

    Show sources
  2. 09.03.2026 12:28 2 articles · 4mo ago

    QuickLens and ShotBird disclosure

    Initial Disclosure

    Researchers publicly describe QuickLens and ShotBird as malicious Chrome extensions after ownership transfer, highlighting C2-delivered JavaScript, ClickFix-style fake Chrome update lures, browser-data capture, and host-side script execution via googleupdate.exe on Windows hosts.

    Show sources