Security of Chrome browser extensions questioned

A widespread cyberattack targeted trusted Chrome browser extensions to steal information. A phishing attack that inserted malicious code into the Cyberhaven data protection extension appears to be part of a broader campaign.

Description

A cyberattack campaign has been injecting malicious code into several Chrome browser extensions since mid-December, according to the cyber service Tech News Media. The code was designed to steal browser cookies and authentication sessions, focusing on “specific social media ads and AI platforms,” according to a blog post from Cyberhaven, one of the companies targeted. The attacks highlight the rise in targeted cyberattacks on users online and the importance of protecting personal information in this space.

Cyberhaven blames the attack on a phishing email and writes in a separate technical analysis post that the code specifically targeted Facebook advertising accounts. According to Reuters, security researcher Jaime Blasco believes the attack was “completely random” and that Cyberhaven was not specifically targeted. In a post on X (formerly Twitter), he said he found VPN and AI plugins that contained the same malicious code that was injected into Cyberhaven. The finding suggests that the scope of the attack was much broader than previously thought.

Other potentially affected extensions include Internxt VPN, VPNCity, Uvoice, and ParrotTalks. This suggests that a wide range of users may have been compromised and highlights the importance of closely examining the security posture of these extensions. Identifying and fixing these vulnerabilities is essential to prevent further exploitation.

Cyberhaven says the hackers released an update (version 24.10.4) to its Cyberhaven data loss prevention extension that contained malicious code on Christmas Eve at 8:32 p.m. ET. Cyberhaven says it discovered the code on Dec. 25 at 6:54 p.m. ET and removed it within an hour, but the code was still active as of Dec. 25 at 9:50 p.m. ET. The company says it released the patched version in its 24.10.5 update. Cyberhaven’s speed in identifying and fixing the problem is impressive, but the incident shows that even trusted extensions can be exploited.

Cyberhaven’s advice to companies that may have been affected includes reviewing their logs for suspicious activity and revoking or changing any passwords that don’t use the FIDO2 multi-factor authentication standard. Before publishing its posts, the company notified its customers via email, which was reported by news outlets Friday morning. This timely notification to customers was an important step in mitigating potential damage. The incident once again emphasizes the importance of constantly updating software and using strong security practices.