At least sixteen Chrome browser extensions have been compromised in a phishing campaign, putting over 600,000 users at risk of password theft and data disclosure. Cyberhaven was the first company to be impacted by the attack, which was directed at publishers of Chrome extensions.
Cyberhaven, a data protection firm, says that since mid-December, hackers have been compromising the Chrome browser extensions of several companies. The attack specifically targeted the publishers of these extensions on the Chrome Web Store, using their access rights to insert malicious code into legitimate extensions. Cyberhaven was the first company to become a victim of the campaign, and the threat actors were able to release a malicious version of its extension.
Disclosing details of the recent cyberattack, Cyberhaven said, “Our team has confirmed a malicious cyberattack that occurred on Christmas Eve, affecting Cyberhaven’s Chrome extension. Public reports suggest this attack was part of a wider campaign to target Chrome extension developers across a wide range of companies. We want to share the full details of the incident and the steps we’re taking to protect our customers and mitigate any damage. I’m proud of how quickly our team reacted, with virtually everyone in the company interrupting their holiday plans to serve our customers, and acting with the transparency that is core to our company values.”
On December 24, Cyberhaven employees’ Google Chrome Web Store login credentials were compromised by a phishing attack, which allowed the attacker to publish a malicious version of its Chrome extension. Within sixty minutes, the security team identified the compromise and eliminated the malware.
According to the company, the incident involved version 24.10.4 of the Chrome extension and impacted Chrome-based browsers that auto-updated between 1:32 AM UTC on December 25 and 2:50 AM UTC on December 26. Cyberhaven systems were unaffected, including code signing keys and CI/CD processes. The malicious code may have exfiltrated cookies and authenticated sessions for the targeted websites. According to preliminary results, the attacker targeted logins to particular AI and social media advertising networks. The investigation is ongoing.
Komila Singh, http://www.gadgetbridge.com