In a unique attack, cybercriminals locally install an extension to manipulate data in internal web applications that the victims have access to. The malicious add-on is disguised as a Forcepoint Endpoint Chrome Extension for Windows s logo to enhance an air of legitimacy. The authors of the malicious extension were able to steal information from users internal extensions thanks to setting up a behind-the-scenes chat between extensions and other web apps. The extension then steals credentials mail and oAuth tokens from the victim’s machine.
Source: https://threatpost.com/fake-forcepoint-google-chrome-extension-hacks/163728/