Cyberhaven reported that the malicious code was pushed in an update to its data loss prevention extension on December 24th and was active until December 25th. The company quickly removed the code and released a clean update. Cyberhaven advises affected companies to check logs for suspicious activity and to update any passwords not protected by FIDO2 multifactor authentication. Customers were notified via email prior to public disclosure.
Key takeaways:
- A cyberattack campaign inserted malicious code into multiple Chrome browser extensions, targeting social media advertising and AI platforms.
- The attack was linked to a phishing email and specifically targeted Facebook Ads accounts, according to Cyberhaven.
- Security researcher Jaime Blasco found the same malicious code in other extensions, suggesting the attack was random and did not specifically target Cyberhaven.
- Cyberhaven discovered and removed the malicious code within an hour on December 25th and released a clean version of its extension.