Wednesday, May 28, 2025
HomePress ReleaseSquareX Discloses Browser-Native Ransomware that Puts Millions at Risk

SquareX Discloses Browser-Native Ransomware that Puts Millions at Risk

Published on

SIEM as a Service

Follow Us on Google News

From WannaCry to the MGM Resorts Hack, ransomware remains one of the most damaging cyberthreats to plague enterprises. Chainalysis estimates that corporations spend nearly $1 billion dollars on ransom each year, but the greater cost often comes from the reputational damage and operational disruption caused by the attack.

Ransomware attacks typically involve tricking victims into downloading and installing the ransomware, which copies, encrypts, and/or deletes critical data on the device, only to be restored upon the ransom payment. Traditionally, the primary target of ransomware has been the victim’s device. However, thanks to the proliferation of the cloud and SaaS services, the device no longer holds the keys to the kingdom. Instead, the browser has become the primary way through which employees conduct work and interact with the internet. In other words, the browser is becoming the new endpoint.

SquareX has been disclosing major browser vulnerabilities like Polymorphic Extensions and Browser Syncjacking, and is now issuing a strong warning on the emergence of browser-native ransomware. 

- Advertisement - Google News

SquareX’s founder, Vivek Ramachandran cautions, “With the recent surge in browser-based identity attacks like the one we saw with the Chrome Store OAuth attack, we are beginning to see evidence of the ‘ingredients’ of browser-native ransomwares being used by adversaries. It is only a matter of time before one smart attacker figures out how to put all the pieces together. While EDRs and Anti-Viruses have played an unquestionably vital role in defending against traditional ransomware, the future of ransomware will no longer involve file downloads, making a browser-native solution a necessity to combat browser-native ransomwares.”

Unlike traditional ransomware, browser-native ransomware requires no file download, rendering them completely undetectable by endpoint security solutions. Rather, this attack targets the victim’s digital identity, taking advantage of the widespread shift toward cloud-based enterprise storage and the fact that browser-based authentication is the primary gateway to accessing these resources. In the case studies demonstrated by SquareX, these attacks leverage AI agents to automate the majority of the attack sequence, requiring minimal social engineering and interference from the attacker.

One potential scenario involves social engineering a user into granting a fake productivity tool access to their email, through which it can identify all the SaaS applications the victim is registered with. It can then systematically reset the password of these apps with AI agents, logging the users out on their own and holding enterprise data stored on these applications hostage. 

Similarly, the attacker can also target file-sharing services like Google Drive, Dropbox and OneDrive, using the victim’s identity to copy out and delete all files stored under their account. Critically, attackers can also gain access to all shared drives, including those shared by colleagues, customers and other third parties. This significantly expands the attack surface of browser-native ransomware – where the impact of most traditional ransomware is confined to a single device, all it takes is one employee’s mistake for attackers to gain full access to enterprise-wide resources.

As fewer and fewer files are being downloaded, it is inevitable for attackers to follow where work and valuable data are being created and stored. As browsers become the new endpoint, it is crucial for enterprises to reconsider their browser security strategy – just as EDRs were critical to defend against file-based ransomware, a browser-native solution with a deep understanding of client-side application layer identity attacks will become essential in combating the next generation of ransomware attacks.

To learn more about this security research, users can visit https://sqrx.com/browser-native-ransomware

About SquareX

SquareX’s industry-first Browser Detection and Response (BDR) solution helps organizations detect, mitigate, and threat-hunt client-side web attacks happening against their users in real time. In addition to browser ransomware, SquareX also protects against various browser threats including identity attacks, malicious extensions, advanced spearphishing, GenAI DLP, and insider threats.

The browser-native ransomware disclosure is part of the Year of Browser Bugs project. Every month, SquareX’s research team releases a major web attack that focuses on architectural limitations of the browser and incumbent security solutions. Previously disclosed attacks include Browser Syncjacking and Polymorphic Extensions

To learn more about SquareX’s BDR, users can contact founder@sqrx.com.

For press inquiries on this disclosure or the Year of Browser Bugs, users can email junice@sqrx.com

Disclaimer: This is a sponsored press release distributed through CyberNewswire, PR syndication platform for cybersecurity companies. Cyber Security News does not endorse or take responsibility for its content, accuracy, quality, advertising, products, or any related materials.

CyberNewswire
CyberNewswire
A PR Newswire Syndication Platform for Cybersecurity Companies

Latest articles

MATLAB, Serving Over 5 Million Users, Hit by Ransomware Attack

MathWorks, the renowned developer of MATLAB and Simulink, has been grappling with the aftermath...

CISA Publishes ICS Advisories Highlighting New Vulnerabilities and Exploits

On May 27, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) released a new...

Chrome Security Patch Addresses High-Severity Vulnerabilities Enabling Code Execution

The Chrome team at Google has officially released Chrome 137 to the stable channel...

Zero-Interaction libvpx Flaw in Firefox Allows Attackers to Run Arbitrary Code

Mozilla has released Firefox 139, addressing several critical and moderate security vulnerabilities that posed...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

INE Security And RedTeam Hacker Academy Announce Partnership To Advance Cybersecurity Skills In The Middle East

INE Security, a global cybersecurity training and certification provider, today announced a strategic partnership...

Halo Security Achieves SOC 2 Type 1 Compliance, Validating Security Controls for Its Attack Surface Management Platform

Halo Security, a leading provider of attack surface management and penetration testing services, today announced it has...

INE Security Partners with Abadnet Institute for Cybersecurity Training Programs in Saudi Arabia

INE Security, a global leader in Cybersecurity training and certifications, has announced a strategic...