Sign up to save tools and stay up to date with the latest in AI
bg
bg
1

Hackers hijacked legitimate Chrome extensions to try to steal data

Dec 28, 2024 - theverge.com
A cyberattack campaign compromised multiple Chrome browser extensions by inserting malicious code designed to steal browser cookies and authentication sessions, targeting social media advertising and AI platforms. Cyberhaven, one of the affected companies, attributes the attack to a phishing email and notes that the code specifically targeted Facebook Ads accounts. Security researcher Jaime Blasco suggests the attack was random and not specifically aimed at Cyberhaven, as similar malicious code was found in other extensions like Internxt VPN, VPNCity, Uvoice, and ParrotTalks.

Cyberhaven reported that the malicious code was pushed in an update of its data loss prevention extension on December 24th and was active until December 25th. The company quickly removed the code and released a clean update. Cyberhaven advises affected companies to check logs for suspicious activity and update passwords not using FIDO2 multifactor authentication. Customers were notified via email prior to public disclosure.

Key takeaways:

  • A cyberattack campaign inserted malicious code into multiple Chrome browser extensions, targeting social media advertising and AI platforms.
  • The attack was linked to a phishing email and specifically targeted Facebook Ads accounts, according to Cyberhaven.
  • Security researcher Jaime Blasco found the same malicious code in other extensions, suggesting the attack was random and not specifically targeting Cyberhaven.
  • Cyberhaven discovered and removed the malicious code within an hour on December 25th and released a clean version of their extension.
View Full Article

Comments (0)

Be the first to comment!