Today we're announcing that @secureannex.com has been acquired by @socket.dev! Supply chain security is a deceptively wide problem from open source code to browser extensions. Developers and IT teams can't stop it from impacting their organization alone.
secureannex.com/blog/annex-a...
We tracked this one from the moment it was listed for sale Oct 11th, through the ownership change, to the malicious update Feb 17th. Full technical breakdown of the pixel trick, the C2 infrastructure, and the CSP stripping.
annex.security/blog/pixel-p...
Excited to secure the developer endpoint right as everyone is becoming a developer
.@socket.dev just acquired @secureannex.com, the extension security company built by @johntuckner.me. John is joining Socket.
John built Secure Annex as a solo founder into a product that security teams at Reddit, Brave, Torq, and Movable Ink depend on.
Thank you! You were there at the very start! Hope you're doing well
The original extension still works perfectly. Google Lens integration, screen capture, all of it. Users would never notice anything beyond a single permission acceptance prompt. That's what makes extension supply chain attacks so dangerous.
The new owner added a C2 server, stripped important security headers from all pages, and used a 1x1 invisible pixel's onload handler to execute remote JavaScript in pages. The actual malicious code never appears in the extension's source files, but the code update was worrying.
A Chrome extension with 7,000 users and a Google Featured badge was recently sold, weaponized, and pushed a malicious update that executed code through a hidden pixel. Here's how it worked 👇
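The two changes the thread describes, a rule set that removes security headers and a content script that loads a remote pixel with a load handler, are the shapes an extension reviewer can scan for. The following is an added static-audit example, not code from the original posts or from the extension itself; the rule set, the content-script excerpt and the function names are constructed here.

```python
import json
import re
# Constructed sample declarativeNetRequest rule set (not the real extension's
# code): rule 1 removes the CSP header from every page response.
SAMPLE_RULES = json.dumps([
    {"id": 1, "priority": 1,
     "action": {"type": "modifyHeaders",
                "responseHeaders": [{"header": "Content-Security-Policy",
                                     "operation": "remove"}]},
     "condition": {"urlFilter": "*", "resourceTypes": ["main_frame", "sub_frame"]}},
    {"id": 2, "priority": 1, "action": {"type": "block"},
     "condition": {"urlFilter": "ads.example", "resourceTypes": ["script"]}},
])

# Constructed content-script excerpt: a 1x1 image with a load handler and a
# remote src, the shape a reviewer should flag for manual inspection.
SAMPLE_SOURCE = """\
const beacon = new Image(1, 1);
beacon.onload = () => handle(beacon);
beacon.src = "https://cdn.example/pixel.gif?" + Date.now();
document.body.appendChild(beacon);
"""

SECURITY_HEADERS = {"content-security-policy", "content-security-policy-report-only", "x-frame-options"}

def find_header_stripping(rules_json):
    """(rule id, header) for every modifyHeaders rule that removes a security header."""
    findings = []
    for rule in json.loads(rules_json):
        action = rule.get("action", {})
        if action.get("type") != "modifyHeaders":
            continue
        for mod in action.get("responseHeaders", []):
            name = mod.get("header", "").lower()
            if mod.get("operation") == "remove" and name in SECURITY_HEADERS:
                findings.append((rule.get("id"), name))
    return findings

IMG_CREATE_RE = re.compile(r"new\s+Image\s*\(|createElement\s*\(\s*['\"]img['\"]\s*\)")
ONLOAD_RE = re.compile(r"\.onload\s*=|addEventListener\s*\(\s*['\"]load['\"]")
REMOTE_SRC_RE = re.compile(r"\.src\s*=\s*[^;]*https?://")

def find_pixel_loaders(js_source, window=400):
    """1-based line numbers of image creations that, within `window` chars, get a load handler and a remote src."""
    hits = []
    for m in IMG_CREATE_RE.finditer(js_source):
        chunk = js_source[m.start():m.start() + window]
        if ONLOAD_RE.search(chunk) and REMOTE_SRC_RE.search(chunk):
            hits.append(js_source.count("\n", 0, m.start()) + 1)
    return hits
```

Both heuristics are a triage aid: a hit means a human should read the surrounding code and the rule's conditions, since legitimate extensions also modify headers and load images.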