Browser security startup SquareX nabs $20M in funding – News

SquareX Ltd., a startup with a browser extension that can detect and block obfuscated malware, today disclosed that it has raised $20 million in funding.

SYN Ventures led the Series A round with participation from Peak XV Partners.

SquareX’s browser extension promises to help enterprises protect employees from malicious websites, phishing campaigns and other online threats. A company’s information technology team can configure the software by entering prompts into a chatbot interface. An administrator could, for example, instruct the extension to prevent users from entering business data into ChatGPT.

The extension provides features for blocking so-called last mile reassembly attacks. Those are cyberattacks that disguise browser-borne malware by splitting it into multiple code snippets. Because the individual snippets are harmless on their own, they have a higher chance of evading detection by antivirus tools. The malware resembles itself after the code fragments are downloaded onto the user’s device.

In some cases, last-mile reassembly attacks use LSB steganography to further complicate detection efforts. LSB steganography is a data storage method that can be used to encode malicious code into images, which often aren’t scanned by cybersecurity tools. Once a malware-laden image is downloaded by a user, a script extracts the malicious code and runs it. SquareX says that its browser extension can spot such attacks as well.

Microsoft Office documents are another potential source of risk. The popular word processor enables users to create macros, scripts that automate simple tasks such as saving files to a specific folder. According to SquareX, its browser extension removes macros from Office documents to delete any malicious code they may contain.

When the extension blocks a malicious program, it sends the file to a cloud-based sandbox where administrators can study it. SquareX provides more than 20 malware analysis tools to ease the process. 

IT teams can optionally customize the browser using natural language prompts. SquareX can be configured to block password sharing across applications, data entry into unauthorized applications and other risky practices. It’s also possible to create a list of approved browser extensions and automatically block plug-ins that are not on the list.

“The browser is the new endpoint, yet it remains a major blind spot for most organizations. Existing solutions often force a tradeoff between security and usability,” said Chief Executive Officer Vivek Ramachandran. “We built SquareX to eliminate this compromise in browser security, offering robust protection that works with the browsers users are already familiar with.”

SquareX’s funding round comes about a month after Island Technology Inc., the developer of a competing enterprise browser, closed a $250 million investment. Earlier, Seraphic Algorithms Ltd. raised $29 million for a platform that likewise promises to protect workers from web-borne malware. It does so by connecting to a user’s browser and isolating its JavaScript engine, a component that helps run webpages’ code.

Image: SquareX