At least 16 Chrome browser extensions have been compromised as part of a new attack campaign, putting more than 600,000 users at risk of data exposure and credential theft.
Attackers targeted Chrome Web Store developers with a phishing campaign, using compromised credentials to inject malicious code into legitimate extensions, enabling them to pilfer cookies and login credentials.
Cyberhaven, a leading cybersecurity firm, was the first affected entity to be discovered.
On December 27, Cyberhaven said that a threat actor compromised its browser extension and injected malicious code to communicate with an external Command and Control (C&C) server located on the domain cyberhavenext[.]professional, download additional configuration data, and exfiltrate user data.
Browser extensions are often the unsung heroes of online security, according to Or Eshed, CEO of a company that specializes in ensuring the integrity of these programs. “While seemingly harmless, browser extensions are actually granted extensive access to sensitive user information, including cookies, entry tokens, identification data, and more.”
“Surprisingly, many organizations remain unaware of the very extensions they’ve installed on their endpoint devices, let alone the significant level of exposure this creates.”
As soon as news of the Cyberhaven breach broke, additional extensions that were also compromised and communicating with the same C&C server were quickly identified.
Jamie Blasco, CTO of SaaS security firm Nudge Safety, to the same IP address of the C&C server used for the Cyberhaven breach.
The following browser extensions are currently suspected of having been compromised:
- ChatGPT and Gemini for Chrome
- Bard AI Chat Extension
- GPT 4 Abstract with OpenAI
- Search Copilot AI Assistant for Chrome
- TinaMInd AI Assistant
- Wayin AI
- VPNCity
- Internxt VPN
- Vindoz Flex Video Recorder
- VidHelper Video Downloader
- Bookmark Favicon Changer
- Castorus
- Uvoice
- Reader Mode
- Parrot Talks
- Primus
Cyberhaven’s compromised extension was just one piece of a larger, wide-ranging attack campaign that targeted legitimate browser extensions.
Analysis of the compromised Cyberhaven extension indicates that the malicious code targeted sensitive information and authentication tokens specific to Facebook accounts, with a particular emphasis on Facebook business accounts.
Sensitive user data potentially compromised: Cyberhaven browser extension hacked.
Cyberhaven says that the malicious version of its browser extension was removed approximately 24 hours after its initial deployment. Several of the newly discovered extensions have already been updated or removed from the Google Chrome Web Store.
Despite the extension being removed from the Chrome Store, the exposure is by no means over, according to Or Eshed. “As long as the compromised extension model resides on an endpoint, hackers can still access it and steal sensitive data,” he explains.
While security researchers continue working to identify additional vulnerabilities, the complexity and scale of this attack campaign have significantly raised the stakes for many organizations seeking to safeguard their browser extensions from potential threats.
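Because a removed extension stays exposed for as long as a copy remains on an endpoint, the first defensive step is an inventory of what is actually installed. The following is an added example, not code from Cyberhaven or the researchers quoted: it walks a Chrome profile's `Extensions` directory, resolves localized names, and flags matches against a subset of the names listed above. Matching on display name, the placeholder extension IDs, and the sample profile are assumptions of this example.

```python
import json
import tempfile
from pathlib import Path

# Names from the list above (subset). Matching on display name is an assumption
# of this example: the page gives no extension IDs, which would be more reliable.
WATCHLIST = {"vpncity", "internxt vpn", "reader mode", "parrot talks",
             "wayin ai", "bard ai chat extension", "uvoice", "castorus", "primus"}

def load(path):
    try:
        return json.loads(path.read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):
        return None  # unreadable or malformed JSON

def display_name(version_dir, manifest):
    """Resolve 'name', following a __MSG_key__ placeholder into _locales."""
    name = manifest.get("name", "")
    if name.startswith("__MSG_") and name.endswith("__"):
        locale = manifest.get("default_locale", "en")
        msgs = load(version_dir / "_locales" / locale / "messages.json") or {}
        for key, entry in msgs.items():  # message keys are case-insensitive
            if key.lower() == name[6:-2].lower():
                return entry.get("message", name)
    return name

def scan_profile(extensions_dir):
    """Return (ext_id, version, name, flagged) per <id>/<version>/manifest.json."""
    rows = []
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        manifest = load(path)
        if not isinstance(manifest, dict):
            continue  # skip broken manifests instead of aborting the scan
        name = display_name(path.parent, manifest)
        rows.append((path.parent.parent.name, manifest.get("version", "?"),
                     name, name.strip().lower() in WATCHLIST))
    return rows

def build_sample_profile():
    """Constructed sample: two fake extensions with placeholder IDs."""
    root = Path(tempfile.mkdtemp()) / "Extensions"
    a, b = root / "aaaa-placeholder" / "1.0_0", root / "bbbb-placeholder" / "2.3_0"
    for d in (a / "_locales" / "en", b):
        d.mkdir(parents=True)
    (a / "manifest.json").write_text(json.dumps(
        {"name": "__MSG_appName__", "version": "1.0", "default_locale": "en"}))
    (a / "_locales" / "en" / "messages.json").write_text(
        json.dumps({"appname": {"message": "Reader Mode"}}))
    (b / "manifest.json").write_text(json.dumps({"name": "Notes", "version": "2.3"}))
    return root
```

Call `scan_profile()` with the `Extensions` directory of each Chrome profile on the endpoint; a flagged row is a lead for review of that extension's installed version, not proof of compromise.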