Hackers Could Have Compromised A number of Well-liked Google Chrome Extensions

Hackers have reportedly compromised many in style Google Chrome extensions.

As Reuters experiences, that features Cyberhaven, a software supposed to assist companies cease unauthorized worker entry to firm info, like copying and pasting an Excel spreadsheet full of gross sales leads.

In accordance with an electronic mail despatched to clients, obtained by cybersecurity researcher Matt Johansen, Cyberhaven mentioned one in every of its staff fell sufferer to a “focused superior assault.”

In a weblog put up, Cyberhaven CEO Howard Ting confirmed {that a} “malicious cyberattack…occurred on Christmas Eve.” The attacker phished a Cyberhaven worker and used their credentials to log into its Chrome Net Retailer account. The hacker then pushed a malicious model of the Cyberhaven Chrome extension. That model was eliminated inside 60 minutes, Ting mentioned.

Solely Chrome-based browsers that auto-updated throughout this era had been impacted, Ting added. “For browsers operating the compromised extension throughout this era, the malicious code might have exfiltrated cookies and authenticated periods for sure focused web sites,” he mentioned.

Cyberhaven recommends that clients ensure their extension has up to date to model 24.10.5 or newer, revoke/rotate all passwords that are not FIDOv2, and overview logs for any suspicious exercise.

Ting notes that “public experiences recommend this assault was a part of a wider marketing campaign to focus on Chrome extension builders throughout a variety of corporations.” Cyberhaven’s “preliminary findings present the attacker was concentrating on logins to particular social media promoting and AI platforms.”

Jaime Blasco, CTO of cybersecurity startup Nudge Safety Inc., informed Reuters that a number of different Chrome extensions had been compromised in the identical approach as Cyberhaven’s, and “a minimum of one appeared to have been hit in mid-December.” Blasco mentioned the opposite affected extensions included synthetic intelligence and VPN instruments, calling it an “opportunistic effort to hoover up delicate knowledge utilizing as many compromised extensions as potential.”

TechCrunch says the Cyberhaven extension has round 400,000 company buyer customers, and the corporate listed Motorola, Reddit, and Snowflake as clients previously.

About Will McCurdy

Contributor

I’m a reporter masking weekend information. Earlier than becoming a member of PCMag in 2024, I picked up bylines in BBC Information, The Guardian, The Instances of London, The Every day Beast, Vice, Slate, Quick Firm, The Night Commonplace, The i, TechRadar, and Decrypt Media.

I’ve been a PC gamer because you needed to set up video games from a number of CD-ROMs by hand. As a reporter, I’m passionate concerning the intersection of tech and human lives. I’ve coated the whole lot from crypto scandals to the artwork world, in addition to conspiracy theories, UK politics, and Russia and overseas affairs.

Learn Will’s full bio

Learn the most recent from Will McCurdy