Malware Delivery

Malicious browser extensions abuse browser permissions to steal data, hijack sessions, inject ads, or redirect users to phishing pages.

A browser zero-day exploit targets an unknown or unpatched vulnerability in a browser or its components to execute code or escape the sandbox.

A drive-by download is when a visit to a website triggers an unwanted download or malware installation—often without the user intending to download anything.

Exploit kits are automated toolchains that probe a visitor’s browser for vulnerabilities and deliver a payload if they find a match.

Fake browser updates are deceptive popups or pages that claim your browser is outdated and push a malicious “update” download.

Malicious downloads are files delivered through the browser that look useful (PDFs, installers, “updates”) but contain malware or lead to it.

Malvertising is when malicious ads deliver scams, phishing, or malware—often by redirecting users to a harmful site after a click (or sometimes on ad load).

Ransomware from browser downloads happens when a user downloads and runs a malicious file delivered via a website, ad, or phishing link.

A watering hole attack compromises a website that a specific group frequently visits, then uses it to deliver malware or credential theft to that group.