According to the reports on Monday (30 December), hackers successfully infiltrated several Chrome extensions in December by injecting malicious code through compromised admin accounts, gained via phishing attacks. Cyberhaven revealed its Chrome extension was breached on December 24, specifically targeting Facebook Ads users. Other impacted extensions include ParrotTalks, Uvoice, and VPNCity, as reported by Nudge Security.
The attackers aimed to steal sensitive user data, such as access tokens, user IDs, cookies, and login credentials for specific platforms. Cyberhaven’s analysis uncovered that the malicious code included a mouse click listener, enabling attackers to assist with bypassing two-factor authentication (2FA) using stored user IDs.
Cyberhaven detected the breach on December 25 and quickly removed the malicious version of its extension within an hour. The company released a clean version and informed customers on December 26, advising them to revoke and rotate credentials. Prompt action was recommended to prevent further exploitation of stolen data.
This incident highlights the importance of cybersecurity for browser extensions and user accounts. Users are advised to stay vigilant by keeping software updated and rotating passwords frequently. Cyberhaven’s response serves as a reminder for companies to act swiftly to minimize the impact of such breaches.
References
