600,000 Users at Risk After Chrome Browser Extension Hacks
Hackers have targeted publishers of browser extensions on the Chrome Web Store via a phishing campaign and used their access permissions to insert malicious code into legitimate extensions to steal cookies and user access tokens. These cyberattacks have led to at least 16 extensions being compromised and exposing over 600,000 users to data exposure and credential theft.
The first company that fell prey to this campaign was the cybersecurity firm Cyberhaven, one of whose employees was targeted by a phishing attack on December 24. Cyberhaven was not a one-off target but part of a wide-scale attack campaign targeting legitimate browser extensions. On December 27, Cyberhaven disclosed that a threat actor compromised its browser extension and injected malicious code to communicate with an external command-and-control server and then downloaded additional configuration files, and exfiltrated user data. Experts predict that as long as the compromised version of the extension is still live on the endpoint, hackers can still access it and exfiltrate data. Read more about this story on our LinkedIn page
The first company that fell prey to this campaign was the cybersecurity firm Cyberhaven, one of whose employees was targeted by a phishing attack on December 24. Cyberhaven was not a one-off target but part of a wide-scale attack campaign targeting legitimate browser extensions. On December 27, Cyberhaven disclosed that a threat actor compromised its browser extension and injected malicious code to communicate with an external command-and-control server and then downloaded additional configuration files, and exfiltrated user data. Experts predict that as long as the compromised version of the extension is still live on the endpoint, hackers can still access it and exfiltrate data. Read more about this story on our LinkedIn page