Hackers Deploy Malicious Chrome Extensions

A large-scale hacking campaign targeting Chrome extensions has compromised at least 25 extensions, potentially impacting over two million users worldwide. Those affected include the cybersecurity firm Cyberhaven, which first detected the attack over Christmas. The company successfully removed the malicious package from the Chrome Web Store within 60 minutes of detection, although numerous Cyberhaven customers were also affected.

In an email to customers, Cyberhaven says hackers published a malicious update to its Chrome extension that was capable of stealing customer passwords and session tokens. The company's website lists several major clients, including Canon, Motorola and Reddit.

The browser extension is Cyberhaven’s primary tool for monitoring and blocking data exfiltration. It tracks data sent via emails, AI tools and web applications. Browsers running the compromised extension were vulnerable to abuse for over 30 hours and the attackers could potentially exfiltrate victims’ sensitive information, including authenticated sessions and cookies, according to Cyberhaven. 

The attack is understood to have involved only machines running Chrome-based browsers that were updated via the Google Chrome Web Store. 

Researchers outside the company have suggested that the administrator’s account was likely compromised through a phishing email, although it remains unclear how many organisations were affected by the attack or what the hackers aimed to achieve.

Security analysts said that additional extensions could have been compromised using similar malicious code. They identified over a dozen suspicious domains linked to the attackers' infrastructure.

Cyberhaven says that its investigation is continuing, with the assistance of Google-owned cyber security firm Mandiant.

The company recommends that its customers update the extension, rotate passwords and tokens, clear sessions and review logs for any suspicious activity. It has advised users not to remove the extension, in order to preserve the malicious code for analysis. 

Cyberhaven | Reuters | The Record | I-HLS | @Stopmarvertisin | Bleeping Computer | @vxunderground | Economic Times | Techcrunch
