
Cookie-Bite attack PoC uses Chrome extension to steal session tokens


Jasper_The_Rasper
Moderator

April 22, 2025 By Bill Toulas

 


A proof-of-concept attack called "Cookie-Bite" uses a browser extension to steal browser session cookies from Azure Entra ID to bypass multi-factor authentication (MFA) protections and maintain access to cloud services like Microsoft 365, Outlook, and Teams.

The attack was devised by Varonis security researchers, who shared a proof-of-concept (PoC) method involving a malicious and a legitimate Chrome extension. However, stealing session cookies is not novel, as infostealers and adversary-in-the-middle phishing attacks commonly target them.

While Cookie-Bite isn't an entirely new concept, it's still noteworthy for its stealth and persistence.

 

>>Full Article<<
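A defender-side check for the risk described above, added here as an example and not taken from the article or from the Varonis PoC: it audits Chrome extension manifests for the combination of the `cookies` API permission and host access that covers the Entra ID sign-in host. The host `login.microsoftonline.com`, the function names, and the sample manifests are assumptions constructed for illustration.

```python
import re

# Assumption: the Entra ID sign-in host whose session cookies we want to protect.
TARGET_HOST = "login.microsoftonline.com"

def host_pattern_covers(pattern, host=TARGET_HOST):
    """True if a Chrome match pattern grants HTTPS access to `host`."""
    if pattern == "<all_urls>":
        return True
    m = re.match(r"^([^:]+)://([^/]*)/", pattern)
    if not m or m.group(1) not in ("*", "https"):
        return False  # not a match pattern (e.g. "storage") or wrong scheme
    pat_host = m.group(2)
    if pat_host == "*":
        return True
    if pat_host.startswith("*."):  # wildcard covers the domain and all subdomains
        base = pat_host[2:]
        return host == base or host.endswith("." + base)
    return pat_host == host

def audit_manifest(manifest):
    """Return host patterns that, together with the cookies API, expose TARGET_HOST."""
    perms = [p for key in ("permissions", "optional_permissions")
             for p in manifest.get(key, []) if isinstance(p, str)]
    if "cookies" not in perms:
        return []
    # Manifest V2 lists host patterns in `permissions`; V3 uses `host_permissions`.
    hosts = perms + manifest.get("host_permissions", []) \
                  + manifest.get("optional_host_permissions", [])
    return [p for p in hosts if host_pattern_covers(p)]

def audit_all(manifests):
    """Map extension name -> exposing patterns, for extensions that need review."""
    return {name: hits for name, m in manifests.items() if (hits := audit_manifest(m))}

# Constructed sample manifests (not real extensions).
SAMPLES = {
    "constructed-note-taker": {"manifest_version": 3, "permissions": ["storage"],
                               "host_permissions": ["https://example.com/*"]},
    "constructed-cookie-reader": {"manifest_version": 3, "permissions": ["cookies"],
                                  "host_permissions": ["https://*.microsoftonline.com/*"]},
    "constructed-mv2-broad": {"manifest_version": 2, "permissions": ["cookies", "<all_urls>"]},
    "constructed-cookie-other-site": {"manifest_version": 3, "permissions": ["cookies"],
                                      "host_permissions": ["https://*.example.org/*"]},
}

if __name__ == "__main__":
    for name, hits in audit_all(SAMPLES).items():
        print(f"REVIEW {name}: cookies API + host access {hits}")
```

A flagged extension is not necessarily malicious; the result is a review list to compare against an approved-extension allowlist.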
