Connect with us

Hi, what are you looking for?

"Cybercriminals took over legitimate Chrome extensions in an attempt to steal data."
"Cybercriminals took over legitimate Chrome extensions in an attempt to steal data."

Tech

“Cybercriminals took over legitimate Chrome extensions in an attempt to steal data.”

A cyberattack campaign injected malicious code into several Chrome browser extensions starting as early as mid-December, according to a Reuters report. The code was reportedly designed to steal browser cookies and authentication sessions, specifically targeting “certain social media advertising and AI platforms,” as detailed in a blog post by Cyberhaven, one of the affected companies.

MIGHT BE INTERESTED  From iPhone to MacBook: Complete List of Devices Receiving Apple Intelligence

Cyberhaven attributes the attack to a phishing email and, in a technical analysis, stated that the malicious code primarily targeted Facebook Ads accounts. Security researcher Jaime Blasco, however, told Reuters that the attack seemed “random” rather than specifically aimed at Cyberhaven.

A collection of warning signs, bugs, and notifications emulating malware or a cyber attack. The images are placed in a connected web against a blue background.

He also shared on X that similar malicious code was found in VPN and AI extensions, including Internxt VPN, VPNCity, Uvoice, and ParrotTalks, as noted by Bleeping Computer.

The hackers reportedly deployed an update (version 24.10.4) of Cyberhaven’s data loss prevention extension containing the malicious code on Christmas Eve at 8:32 PM ET. Cyberhaven discovered the breach on December 25th at 6:54 PM ET and removed the code within an hour. However, the malicious code remained active until 9:50 PM ET that evening. A clean version of the extension (24.10.5) was subsequently released.

Cyberhaven advises affected companies to review logs for unusual activity and to revoke or rotate passwords not secured with FIDO2 multifactor authentication. Before making these details public, Cyberhaven informed its customers via email, as reported by TechCrunch on Friday morning.

Advertisement. Scroll to continue reading.
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Advertisement
Advertisement
under ads
Advertisement

You May Also Like

News

Child Benefit is a monthly payment provided to parents or guardians of children under 16 years old. This benefit extends until the child turns...

News

The National Communications Authority (NCA) has permitted Space X Starlink GH LTD, the operator of Starlink Satellite Broadband, to operate satellite broadband services in...

Entertainment

Young Bull, a Ghanaian young rapper Thorsten Owusu Gyimah, popularly known as Yaw Tog is on heat as he release another street anthem. The...

International News

The potential impact of a whistleblower’s allegations on Elon Musk’s proposed $44 billion acquisition of the social media platform is the subject of a...

Advertisement