Chrome Browser Extensions Compromised by Malicious Code Stealing Sensitive Information
news
2 min read
A recent cyberattack campaign has seen hackers insert malicious code into multiple Chrome browser extensions in order to steal sensitive user information. The attack, which is believed to have started as far back as mid-December, was discovered by Cyberhaven, a company that offers data protection services.
According to reports, the malicious code was inserted via phishing emails and appeared designed to target specific social media advertising and AI platforms. In the case of Cyberhaven’s own data loss prevention extension, hackers managed to push an update containing the malicious code on Christmas Eve at 8:32PM ET. The company claims that it discovered the issue just over a day later, on December 25th at 6:54PM ET, and promptly removed the malicious code within the hour.
Unfortunately, the attack does not appear to be limited to Cyberhaven’s extension alone. Security researcher Jaime Blasco has reportedly found similar malicious code in other Chrome extensions, including VPN and AI-related apps. These extensions include Internxt VPN, VPNCity, Uvoice, and ParrotTalks, according to Bleeping Computer.
It is believed that the hackers’ ultimate goal was to steal browser cookies and authentication sessions from unsuspecting users. Cyberhaven has urged affected companies to review their logs for suspicious activity, revoke or rotate any passwords not using the FIDO2 multifactor authentication standard, and be vigilant in the face of potential future attacks.
The incident serves as a stark reminder of the importance of cybersecurity in the digital age. With hackers continually developing new methods to compromise user data, it is crucial that users remain informed and take steps to protect themselves online.
Source: www.theverge.com
