Five approved posts. Each is written to sound like the person posting. Engage, repost, or copy a suggested comment to add your own voice. URL goes in the first comment, never the post body.
How to use this pack
If the listed person has already posted, your job is to engage. Like, comment, repost. If you want to make your own post, use the matching draft below and personalize it. Always put the research link in the first comment, never the post body, because LinkedIn deprioritizes posts with outbound URLs in the main copy.
Lior Div / CEO & Co-Founder
Posted / engage and reshare
When we started 7AI, we said the value of agentic security would not be theoretical. It would show up in production, in customer environments, against real threats no one had caught yet.
CRXfiltrate is one of those moments.
Our Threat Research Team, running inside live enterprise environments, surfaced a coordinated cluster of malicious browser extensions that strip Content Security Policy headers and inject operator-controlled JavaScript into the realm of every page the user visits. The shipped payload monetizes through ad fraud today. The architecture supports anything the operator chooses to deliver tomorrow. Banking. SSO. Admin consoles.
The mechanism is the browser. The delivery is partially page-served. The variants evade signature-based detection. The infrastructure expands faster than store takedowns can remove it.
And it was live in customer environments while we wrote this up.
Read the full research below. This is what proactive threat hunting in production looks like.
CRXfiltrate is interesting for a specific technical reason: the cluster runs as a product, not as a campaign.
12 compartmentalized developer accounts. A versioned release pipeline. Source-code comments referencing internal project tickets numbered above 390. A templated decoy generator that produces extension variants by word-swapping the manifest (adjustment to correction, enhance to enhancement) so each round of takedowns misses the next round of submissions.
This is what mature offensive operations look like in 2026. Industrialized, compartmentalized, designed to outlast detection.
Our YARA fingerprint catches the structural pattern, not the strings. That's what kept working as the operator iterated.
Threat actors are running a software lifecycle. Defenders need to as well.
The detail in CRXfiltrate that should give every SOC leader pause is not the cluster itself. It's this: across the customer environments where this was live, the right telemetry existed. The DNS queries were flagged. The endpoint sensors saw it. The signal was there.
The detection pipelines above the sensors never promoted any of it to an alert a SOC analyst would actually see.
That is the gap. Not telemetry. Not tooling. Surfacing.
The teams I have spent my career with are not under-tooled. They are under-served by the layer that decides what is worth their attention.
This is the work proactive hunting against raw telemetry does. Not running more queries. Surfacing what already exists in your stack but never reached the queue.
Juliana Testa / Senior AI Security Engineer & Threat Researcher
Researcher voice / authored post
My CRXfiltrate write-up is live.
What we found: a cross-platform browser extension cluster (Chrome, Edge, Firefox) running a JavaScript Execution Backdoor: declarativeNetRequest CSP strip, then direct DOM script injection from the C2 response, operator-controlled JavaScript in the realm of every page the user visits. Plus identity harvesting that exfiltrates the signed-in Google account's real name and email to a separate C2 (variant-gated).
What surprised us: this is not a campaign. It is a factory. 12 developer accounts, versioned release pipeline, internal ticket references in the production payload, templated decoy generator. As of today the YARA fingerprint surfaces 23 additional cluster extensions matching the same CSP-stripping pattern, none of which were in prior reporting. The infrastructure has been expanding through every wave of takedowns since Wladimir Palant's January 2025 disclosure.
Public credit to Wladimir, whose original analysis named the cluster and reverse-engineered the core mechanism the hunt was built on.
Full write-up, IOCs, YARA, Suricata, and the detection-rules readme are at 7ai.com/crxfiltrate.
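One defensive check the mechanism above suggests, written here as an added example and not 7AI's YARA rule or any code from the research: a small Python auditor that walks an extension's static declarativeNetRequest rulesets and flags modifyHeaders rules that remove Content-Security-Policy, noting whether the rule's URL condition is broad enough to cover every page. The manifest, rule file and extension name are constructed for illustration.

```python
"""Flag declarativeNetRequest rules that remove Content-Security-Policy headers.
Added illustrative example, not 7AI's YARA rule or code from the research; the
manifest and ruleset are constructed to mirror the described pattern."""
import json

# Headers whose removal lets a page accept injected script (assumed set).
SECURITY_HEADERS = {"content-security-policy", "content-security-policy-report-only"}

def is_broad_filter(condition):
    """True when a DNR condition matches essentially every URL."""
    url_filter, regex_filter = condition.get("urlFilter"), condition.get("regexFilter")
    if url_filter is None and regex_filter is None:
        return True  # no URL constraint at all
    return url_filter in ("*", "|http*") or regex_filter in (".*", "^https?://")

def csp_stripping_rules(rules):
    """Return one finding per modifyHeaders rule that touches a CSP header."""
    findings = []
    for rule in rules:
        action = rule.get("action", {})
        if action.get("type") != "modifyHeaders":
            continue
        for hdr in action.get("responseHeaders", []):
            name = hdr.get("header", "").lower()
            if name in SECURITY_HEADERS:
                findings.append({"id": rule.get("id"), "header": name,
                                 "operation": hdr.get("operation"),
                                 "all_urls": is_broad_filter(rule.get("condition", {}))})
    return findings

def audit_extension(manifest, rule_files):
    """Walk every static ruleset the manifest declares and collect findings."""
    findings = []
    for res in manifest.get("declarative_net_request", {}).get("rule_resources", []):
        rules = json.loads(rule_files.get(res["path"], "[]"))
        findings.extend(csp_stripping_rules(rules))
    return findings

# Constructed sample (hypothetical name): the only static rule removes CSP on every frame.
SAMPLE_MANIFEST = {"name": "Grammar Correction Helper", "manifest_version": 3,
                   "declarative_net_request": {"rule_resources": [
                       {"id": "ruleset_1", "enabled": True, "path": "rules.json"}]}}
SAMPLE_RULES = {"rules.json": json.dumps([
    {"id": 1, "priority": 1,
     "action": {"type": "modifyHeaders", "responseHeaders": [
         {"header": "Content-Security-Policy", "operation": "remove"}]},
     "condition": {"resourceTypes": ["main_frame", "sub_frame"]}}])}
if __name__ == "__main__":
    for finding in audit_extension(SAMPLE_MANIFEST, SAMPLE_RULES):
        print(finding)  # one finding: rule 1, remove, all_urls=True
```

A benign extension that only blocks ad requests or scopes header changes to its own domains produces no findings, so the check isolates the structural pattern rather than any string the operator can word-swap away.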
The CRXfiltrate research from our team is worth a read, but the part that has stayed with me is what happens after we share it with customers.
The conversation does not go where you'd expect. They don't ask whether they have it. Most of them already know they probably do. What they ask is harder. Why didn't my stack flag this. Why is my analyst team finding out about cluster activity from a vendor research blog and not from the queue they monitor every day.
That is the real question. Not which threat. The gap between what your tools see and what your team gets to act on.
When that gap becomes the conversation, our job stops being a pitch and starts being a partnership. Worth the read.
If you want to add a comment under any of the executive posts above, here's an approved option you can personalize.
The detail that got me on this one: the telemetry was already there. DNS queries flagged. Endpoint sensors saw it. The alert pipelines just didn't promote any of it. That is the gap.
This is exactly the kind of campaign that lives outside what mainstream stacks are configured to catch. Browser-based, partially page-served, templated variants. Proactive hunting is the only realistic answer.
Reshare with your own copy
Reshare any of the executive posts with your own short framing. Two starter options below.
Our Threat Research Team just dropped CRXfiltrate. If you run a SOC, the part that should give you pause is not the malware. It is this: the telemetry was already there. The pipelines above the sensors never promoted it. Proactive hunting is the only way that gets surfaced.
This is what production threat research looks like. Not retrospective. Not honeypot. Live in enterprise environments while it was being written up. Worth a careful read if you care about what your stack is missing.