Saturday, April 26, 2025
HomePress ReleaseSquareX Discloses Browser-Native Ransomware that Puts Millions at Risk

SquareX Discloses Browser-Native Ransomware that Puts Millions at Risk

Published on

SIEM as a Service

Follow Us on Google News

From WannaCry to the MGM Resorts Hack, ransomware remains one of the most damaging cyberthreats to plague enterprises. Chainalysis estimates that corporations spend nearly $1 billion dollars on ransom each year, but the greater cost often comes from the reputational damage and operational disruption caused by the attack.

Ransomware attacks typically involve tricking victims into downloading and installing the ransomware, which copies, encrypts, and/or deletes critical data on the device, only to be restored upon the ransom payment. Traditionally, the primary target of ransomware has been the victim’s device. However, thanks to the proliferation of the cloud and SaaS services, the device no longer holds the keys to the kingdom. Instead, the browser has become the primary way through which employees conduct work and interact with the internet. In other words, the browser is becoming the new endpoint.

SquareX has been disclosing major browser vulnerabilities like Polymorphic Extensions and Browser Syncjacking, and is now issuing a strong warning on the emergence of browser-native ransomware. 

- Advertisement - Google News

SquareX’s founder, Vivek Ramachandran cautions, “With the recent surge in browser-based identity attacks like the one we saw with the Chrome Store OAuth attack, we are beginning to see evidence of the ‘ingredients’ of browser-native ransomwares being used by adversaries. It is only a matter of time before one smart attacker figures out how to put all the pieces together. While EDRs and Anti-Viruses have played an unquestionably vital role in defending against traditional ransomware, the future of ransomware will no longer involve file downloads, making a browser-native solution a necessity to combat browser-native ransomwares.”

Unlike traditional ransomware, browser-native ransomware requires no file download, rendering them completely undetectable by endpoint security solutions. Rather, this attack targets the victim’s digital identity, taking advantage of the widespread shift toward cloud-based enterprise storage and the fact that browser-based authentication is the primary gateway to accessing these resources. In the case studies demonstrated by SquareX, these attacks leverage AI agents to automate the majority of the attack sequence, requiring minimal social engineering and interference from the attacker.

One potential scenario involves social engineering a user into granting a fake productivity tool access to their email, through which it can identify all the SaaS applications the victim is registered with. It can then systematically reset the password of these apps with AI agents, logging the users out on their own and holding enterprise data stored on these applications hostage. 

Similarly, the attacker can also target file-sharing services like Google Drive, Dropbox and OneDrive, using the victim’s identity to copy out and delete all files stored under their account. Critically, attackers can also gain access to all shared drives, including those shared by colleagues, customers and other third parties. This significantly expands the attack surface of browser-native ransomware – where the impact of most traditional ransomware is confined to a single device, all it takes is one employee’s mistake for attackers to gain full access to enterprise-wide resources.

As fewer and fewer files are being downloaded, it is inevitable for attackers to follow where work and valuable data are being created and stored. As browsers become the new endpoint, it is crucial for enterprises to reconsider their browser security strategy – just as EDRs were critical to defend against file-based ransomware, a browser-native solution with a deep understanding of client-side application layer identity attacks will become essential in combating the next generation of ransomware attacks.

To learn more about this security research, users can visit https://sqrx.com/browser-native-ransomware

About SquareX

SquareX’s industry-first Browser Detection and Response (BDR) solution helps organizations detect, mitigate, and threat-hunt client-side web attacks happening against their users in real time. In addition to browser ransomware, SquareX also protects against various browser threats including identity attacks, malicious extensions, advanced spearphishing, GenAI DLP, and insider threats.

The browser-native ransomware disclosure is part of the Year of Browser Bugs project. Every month, SquareX’s research team releases a major web attack that focuses on architectural limitations of the browser and incumbent security solutions. Previously disclosed attacks include Browser Syncjacking and Polymorphic Extensions

To learn more about SquareX’s BDR, users can contact founder@sqrx.com.

For press inquiries on this disclosure or the Year of Browser Bugs, users can email junice@sqrx.com

Disclaimer: This is a sponsored press release distributed through CyberNewswire, PR syndication platform for cybersecurity companies. Cyber Security News does not endorse or take responsibility for its content, accuracy, quality, advertising, products, or any related materials.

CyberNewswire
CyberNewswire
A PR Newswire Syndication Platform for Cybersecurity Companies

Latest articles

How to Develop a Strong Security Culture – Advice for CISOs and CSOs

Developing a strong security culture is one of the most critical responsibilities for today’s...

DragonForce and Anubis Ransomware Gangs Launch New Affiliate Programs

Secureworks Counter Threat Unit (CTU) researchers have uncovered innovative strategies deployed by the DragonForce...

“Power Parasites” Phishing Campaign Targets Energy Firms and Major Brands

Silent Push Threat Analysts have uncovered a widespread phishing and scam operation dubbed "Power...

Threat Actors Register Over 26,000 Domains Imitating Brands to Deceive Users

Researchers from Unit 42 have uncovered a massive wave of SMS phishing, or "smishing,"...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Lattica Emerges from Stealth to Solve AI’s Biggest Privacy Challenge with FHE

Lattica, an FHE-based platform enabling secure and private use of AI in the cloud,...

Criminal IP to Showcase Advanced Threat Intelligence at RSAC™ 2025

Joining Criminal IP at Booth S-634 | South Expo, Moscone Center | April 28...

Industry First: StrikeReady AI Platform Moves Security Teams Beyond Basic, One-Dimensional AI-Driven Triage Solutions

Brings Automated Response to Your Assets, Identity, Vulnerabilities, Alerts, and More to Redefine Risk...