Hackers Deploy Malicious Chrome Extensions

A large-scale hacking campaign targeting Chrome extensions has compromised at least 25 extensions, potentially impacting over two million users worldwide. Among the victims is the cybersecurity firm Cyberhaven, which first detected the attack over Christmas. The company successfully removed the malicious package from the Chrome Web Store within 60 minutes of detection, although numerous Cyberhaven customers were also affected.

In an email to customers, Cyberhaven says hackers published a malicious update to its Chrome extension that was capable of stealing customer passwords and session tokens. The company's website lists several major clients, including Canon, Motorola and Reddit.

The browser extension is Cyberhaven’s primary tool for monitoring and blocking data exfiltration. It tracks data sent via emails, AI tools and web applications. Browsers running the compromised extension were vulnerable to abuse for over 30 hours and the attackers could potentially exfiltrate victims’ sensitive information, including authenticated sessions and cookies, according to Cyberhaven. 

The attack is understood to have involved only machines running Chrome-based browsers that were updated via the Google Chrome Web Store. 

Researchers outside the company have suggested that the administrator’s account was likely compromised through a phishing email, although it remains unclear how many organisations were affected by the attack or what the hackers aimed to achieve.

Security analysts said that additional extensions could have been compromised using similar malicious code. They identified over a dozen suspicious domains linked to the attackers' infrastructure.

Cyberhaven says that its investigation is continuing, with the assistance of Google-owned cyber security firm Mandiant.

The company recommends that its customers update the extension, rotate passwords and tokens, clear sessions and review logs for any suspicious activity. It has advised users not to remove the extension, in order to preserve the malicious code for analysis. 

Cyberhaven | Reuters | The Record | I-HLS | @Stopmarvertisin | Bleeping Computer | @vxunderground | Economic Times | Techcrunch
