
Hackers hijacked legitimate Chrome extensions to try to steal data
A cyberattack campaign has inserted malicious code into multiple Chrome browser extensions, with the aim of stealing browser cookies and authentication sessions. The attack, which was first reported by Reuters yesterday, appears to have been carried out in a broad attempt to target “specific social media advertising and AI platforms.”
According to a blog post from Cyberhaven, one of the companies that was affected by the hack, the malicious code was inserted into its own data loss prevention extension via a phishing email. The company claims that it discovered the code on December 25th and removed it just an hour later, before releasing a clean update.
The malicious code appears to have been designed to target Facebook Ads accounts specifically, according to Cyberhaven’s technical analysis post. However, security researcher Jaime Blasco has suggested that the attack was “just random” and not targeted at Cyberhaven in particular.
The affected extensions include Cyberhaven’s own data loss prevention extension, as well as other popular add-ons like Internxt VPN, VPNCity, Uvoice, and ParrotTalks. In response to the incident, Cyberhaven is advising companies that may have been impacted to review their logs for suspicious activity and to revoke or rotate any passwords that are not protected by the FIDO2 multifactor authentication standard.
Cyberhaven pushed an update (version 24.10.4) of its data loss prevention extension containing the malicious code on Christmas Eve at 8:32PM ET. The company found out about the issue on December 25th at 6:54PM ET and removed the malicious code within an hour.
Source: www.theverge.com