A cyberattack campaign injected malicious code into several Chrome browser extensions starting as early as mid-December, according to a Reuters report. The code was reportedly designed to steal browser cookies and authentication sessions, specifically targeting “certain social media advertising and AI platforms,” as detailed in a blog post by Cyberhaven, one of the affected companies.
Cyberhaven attributes the attack to a phishing email and, in a technical analysis, stated that the malicious code primarily targeted Facebook Ads accounts. Security researcher Jaime Blasco, however, told Reuters that the attack seemed “random” rather than specifically aimed at Cyberhaven.
He also shared on X that similar malicious code was found in VPN and AI extensions, including Internxt VPN, VPNCity, Uvoice, and ParrotTalks, as noted by Bleeping Computer.
Our team has confirmed a malicious cyberattack that occurred on Christmas Eve, affecting Cyberhaven's Chrome extension. Here's our post about the incident and the steps we're taking: https://t.co/VTBC73eWda
Our security team is available 24/7 to assist affected customers and…
Advertisement. Scroll to continue reading.— Cyberhaven (@CyberhavenInc) December 27, 2024
Cyberhaven advises affected companies to review logs for unusual activity and to revoke or rotate passwords not secured with FIDO2 multifactor authentication. Before making these details public, Cyberhaven informed its customers via email, as reported by TechCrunch on Friday morning.