Hackers Inject Malicious Code Into Chrome Extensions in Phishing Attack
A phishing campaign has led to malicious code being embedded in several Google Chrome extensions, targeting companies during the holiday season. According to a report by Reuters, the cyberattack was first detected by Cyberhaven, a cybersecurity firm that was also affected.
In a blog post, Cyberhaven revealed that hackers compromised Chrome extensions to steal user data such as browser cookies and authentication details. The primary targets appeared to be social media advertising accounts, particularly Facebook Ads accounts, and AI platform credentials. The attack involved deploying a malicious update to the affected extensions on Christmas Eve. Cyberhaven identified the breach on Christmas Day and released a fix within an hour, notifying users via email on Friday morning.
Our team has confirmed a malicious cyberattack that occurred on Christmas Eve, affecting Cyberhaven’s Chrome extension. Here’s our post about the incident and the steps we’re taking: https://t.co/VTBC73eWda
Our security team is available 24/7 to assist affected customers and…
— Cyberhaven (@CyberhavenInc) December 27, 2024
Other extensions confirmed to have been compromised include Internxt VPN, ParrotTalks, Uvoice, and VPNCity, each with tens of thousands of users, based on Chrome Web Store statistics.
The breach was initiated when a Cyberhaven employee fell victim to a phishing email that impersonated official communication from Google. Believing it to be legitimate, the employee entered their credentials on a phishing page, giving hackers access to the extension.
Cyberhaven believes the attack was not aimed at specific companies but rather part of a broader phishing campaign, exploiting any recipients who clicked the malicious link.
The extent of the impact on users of these Chrome extensions remains unclear at this time.
