Hackers Deploy Malicious Chrome Extensions

A large-scale hacking campaign targeting Chrome extensions has compromised at least 25 extensions, potentially impacting over two million users worldwide. Among the victims is the cybersecurity firm Cyberhaven, which first detected the attack over Christmas. The company successfully removed the malicious package from the Chrome Web Store within 60 minutes of detection, although numerous Cyberhaven customers were also affected.

In an email to customers, Cyberhaven says hackers published a malicious update to its Chrome extension that was capable of stealing customer passwords and session tokens. The company's website lists several major clients, including Canon, Motorola and Reddit.

The browser extension is Cyberhaven’s primary tool for monitoring and blocking data exfiltration. It tracks data sent via emails, AI tools and web applications. Browsers running the compromised extension were vulnerable to abuse for over 30 hours and the attackers could potentially exfiltrate victims’ sensitive information, including authenticated sessions and cookies, according to Cyberhaven. 

The attack is understood to have involved only machines running Chrome-based browsers that were updated via the Google Chrome Web Store. 

Researchers outside the company have suggested that the administrator’s account was likely compromised through a phishing email, although it remains unclear how many organisations were affected by the attack or what the hackers aimed to achieve.

Security analysts said that additional extensions could have been compromised using similar malicious code. They identified over a dozen suspicious domains linked to the attackers' infrastructure.

Cyberhaven says that its investigation is continuing, with the assistance of Google-owned cyber security firm Mandiant.

The company recommends that its customers update the extension, rotate passwords and tokens, clear sessions and review logs for any suspicious activity. It has advised users not to remove the extension, in order to preserve the malicious code for analysis. 
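To check which endpoints still hold a flagged build before acting on the guidance above, the following added example (not Cyberhaven's or Google's code) inventories the extension versions unpacked in a Chrome profile without modifying them. The extension ID and version in `WATCHLIST` are constructed placeholders, since the article names neither, and the profile path is supplied by the caller.

```python
import json
from pathlib import Path

# Constructed placeholders: the article names no extension IDs or versions.
# Replace with the values published in the vendor's advisory.
WATCHLIST = {"a" * 32: {"1.0.1"}}
# Match patterns that give an extension access to every site.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def read_manifest(version_dir):
    """Return the parsed manifest.json as a dict, or None if unusable."""
    try:
        data = json.loads((version_dir / "manifest.json").read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):
        return None
    return data if isinstance(data, dict) else None


def audit_profile(profile_dir, watchlist=WATCHLIST):
    """List every extension version on disk under <profile>/Extensions.

    Chrome unpacks store extensions to Extensions/<id>/<version>_<n>/.
    The scan is read-only, so a flagged copy is reported and left in
    place for later analysis.
    """
    findings = []
    ext_root = Path(profile_dir) / "Extensions"
    if not ext_root.is_dir():
        return findings
    for ext_dir in sorted(p for p in ext_root.iterdir() if p.is_dir()):
        for ver_dir in sorted(p for p in ext_dir.iterdir() if p.is_dir()):
            manifest = read_manifest(ver_dir)
            if manifest is None:
                continue
            perms = [p for p in manifest.get("permissions", []) if isinstance(p, str)]
            hosts = set(perms) | set(manifest.get("host_permissions", []))
            for cs in manifest.get("content_scripts", []):
                hosts |= set(cs.get("matches", []))
            version = str(manifest.get("version", ver_dir.name.split("_")[0]))
            findings.append({
                "id": ext_dir.name,
                "version": version,
                "path": str(ver_dir),
                "flagged": version in watchlist.get(ext_dir.name, set()),
                "reads_cookies": "cookies" in perms,
                "all_sites": bool(hosts & BROAD_HOSTS),
            })
    return findings
```

Run it against each browser profile directory on a host (for example `~/.config/google-chrome/Default` on Linux); a `flagged` entry with `reads_cookies` or `all_sites` set marks a machine whose sessions and tokens should be rotated first.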

Cyberhaven | Reuters | The Record | I-HLS | @Stopmarvertisin | Bleeping Computer | @vxunderground | Economic Times | Techcrunch
