When you purchase through links on our site, we may earn an affiliate commission.Heres how it works.

Theres very little a Chrome user has to do to fall victim to it.

Later on, this domain is used in the background to create managed profiles on the victims devices.

Best antivirus software

From there, the hackers then create and launch amalicious Chrome extensionon the Chrome Web Store.

Then, throughsocial engineering, the attackers trick potential victims into installing this new extension.

In ablog postdetailing this new attack, SquareX explains that this is often done using afake Zoom update.

Aura

For instance, the victim might receive a legitimate Zoom invite.

Hackers will keep coming up with clever new attacks.

More from Tom’s Guide

A hacker typing quickly on a keyboard

Chrome browser on laptop

Galaxy S25 Plus held in the hand.

iPhone 16 Pro shown held in hand

Michael B. Jordan as Stack and Smoke in "Sinners" movie

Casely Power Pod recall image

Reddit

Switch 2 and Mario

Switch 2 console and accessories

Lenovo Legion 5i with deal tag superimposed