news 
Hackers Hijacked Legitimate Chrome Extensions to Try to Steal Data
A recent cyberattack campaign has compromised multiple Chrome browser extensions, inserting malicious code designed to steal browser cookies and authentication sessions. According to a report from Reuters, the attack, which began as far back as mid-December, targeted “specific social media advertising and AI platforms.”
The phishing email that initiated the attack is believed to have been responsible for introducing the malicious code into legitimate Chrome extensions. Cyberhaven, one of the companies affected by the breach, claims that an update (version 24.10.4) of its data loss prevention extension was compromised on Christmas Eve at 8:32 PM ET. The malicious code remained active until December 25th at 9:50 PM ET before it was discovered and removed.
In a blog post, Cyberhaven explains that the attackers appeared to be targeting Facebook Ads accounts specifically. Jaime Blasco, a security researcher, disputes this claim, stating that the attack was “just random” and not targeted at Cyberhaven in particular. However, multiple other Chrome extensions were also affected by the malware, including VPN and AI-focused tools.
Other potentially compromised extensions include Internxt VPN, VPNCity, Uvoice, and ParrotTalks, according to Bleeping Computer.
Cyberhaven urges companies that may have been impacted to review their logs for suspicious activity and consider revoking or rotating any passwords not utilizing the FIDO2 multifactor authentication standard. The company also released a clean version of its extension (24.10.5) to rectify the situation.
It is essential for users to take proactive measures to protect themselves from these types of attacks. Companies should prioritize robust cybersecurity practices and regularly update their browser extensions to ensure they do not become vulnerable to exploitation.
Source: http://www.theverge.com
