Hackers successfully infiltrated the administrative accounts of multiple Chrome extensions this month, modifying them to insert malicious code following a sophisticated phishing attack. Cybersecurity firm Cyberhaven disclosed over the weekend that its Chrome extension was compromised in an attack dated December 24, targeting logins to specific social media promoting and AI platforms. The assault is not isolated, with a couple of different extensions also affected since mid-December, reports suggest. With alignment to Nudge Safety’s comprehensive suite of tools, including ParrotTalks, Uvoice, and VPNCity.

Cyberhaven alerted its prospective customers via email on December 26, advising them to immediately update and rotate their passwords and other login credentials. A preliminary examination by the corporation revealed that the malicious add-on targeted Facebook Advertising users, aiming to pilfer sensitive data including access tokens, user IDs, and other account details, along with cookies. The code further incorporated a mouse click event listener. “After efficiently sending all the info to the [Command & Control] server, the Fb person ID is saved to browser storage,” Cyberhaven mentioned in its evaluation. “The generated ID is subsequently employed during mouse clicks to facilitate attackers’ access to two-factor authentication on their end, should they desire it.”

Cyberhaven was the first to detect the breach, which occurred on December 25, and promptly isolated the malicious extension within an hour. The company has now released a crystal-clear predictive model.