A while ago, our SOC team intercepted a suspicious Zscaler alert indicating one of our users’ browsers was leaking internal Okta URLs to external domains. A deeper dive revealed a cluster of malicious Chrome extensions—collectively installed by millions of users and designed to exfiltrate browsing history (including sensitive URL parameters) and, if desired, redirect victims to attacker-controlled sites.