Find notable cyber news and cases, enriched with sources, timelines, and signals.

ShieldGuard browser-extension data-harvesting malware

Malware Activity
First reported
Last updated
Happening score
H score 29
1 unique sources, 1 articles

Summary

Hide ▲

A malicious ShieldGuard browser extension was dismantled after it was found harvesting sensitive data from crypto users, putting wallet and account information at risk. The extension targeted Binance, Coinbase, MetaMask, and Google services, and could execute remote code through a C2 server. The activity mattered because it could capture balances, transaction histories, and portfolio data while bypassing normal browser protections.

Related Happenings

Silent Swap browser-extension clipboard clipper

Malware Activity
H score36 First: 30.06.2026 18:40 Last: 30.06.2026 18:40 Sources 1

About this happening: The **Silent Swap** malware activity now **installs malicious Chromium extensions** that intercept copied wallet addresses and **reroute cryptocurrency transfers** to attacker-con...

Search for perplexity ai malicious Chrome extension

Malware Activity
H score29 First: 29.06.2026 21:40 Last: 29.06.2026 21:40 Sources 1

About this happening: A malicious **Chrome extension** named **Search for perplexity ai** impersonated **Perplexity AI** while **intercepting search traffic** and collecting **browsing information** th...

Dormant remote-controlled JavaScript injection path in Adblock for YouTube Chrome extension

Technical Analysis
H score23 First: 25.06.2026 17:12 Last: 25.06.2026 17:12 Sources 1

About this happening: A **Chrome extension** with **10 million+ installs** was found to carry a **dormant script-injection path**, raising the risk of **arbitrary JavaScript execution** across visited...

Google Chrome DBSC rolls out session-cookie theft protection for all users

Security Tool/Service
H score10 First: 29.05.2026 15:08 Last: 29.05.2026 15:08 Sources 1

About this happening: Google's **Chrome Device Bound Session Credentials (DBSC)** is now **generally available** and rolling out to **all users**, reducing the risk of **account takeovers** from stolen...

Chrome Web Store malicious extensions coordinated campaign using shared C2

Campaign
H score38 First: 14.04.2026 23:33 Last: 14.04.2026 23:33 Sources 1

About this happening: A coordinated **Chrome Web Store** extension operation is stealing **Google OAuth2 Bearer tokens**, deploying **backdoors**, and running **ad fraud** across more than **100 malici...

Timeline

  1. 18.03.2026 16:15 2 articles · 3mo ago

    ShieldGuard identified as a malicious browser extension and disrupted

    Technical Analysis Update

    Okta Threat Intelligence identified ShieldGuard as a malicious browser extension that masqueraded as a crypto security tool, harvested wallet addresses, captured full HTML from Binance, Coinbase and MetaMask after login, tracked users across sessions, targeted Google services, and used obfuscation plus a custom JavaScript interpreter to bypass Chrome security restrictions. Researchers also linked the operators to Radex and noted language indicators suggesting Russian-speaking actors, while Okta and industry partners removed the extension from the Chrome Web Store, took down associated domains, disabled backend infrastructure, and blocked user sign-in functionality.

    Show sources