Hackers were reportedly able to modify several Chrome extensions with malicious code this month after gaining access to administrator accounts through a phishing campaign. Cybersecurity company Cyberhaven said in a blog post over the weekend that its Chrome extension was compromised on December 24th in an attack that appeared to “target specific social media ads and logins to AI platforms.” Announced. According to Reuters, several other extensions were also affected as far back as mid-December. According to Nudge Security’s Jaime Blasco, these include ParrotTalks, Uvoice, and VPNCity.
Cyberhaven notified customers on Dec. 26 in an email seen by TechCrunch, advising them to revoke and rotate their passwords and other credentials. The company’s initial investigation into the incident revealed that a malicious extension was targeting Facebook ad users with the goal of stealing data such as access tokens, user IDs, and other account information and cookies. did. In this code, we also added a mouse click listener. Cyberhaven said in its analysis that “Facebook user IDs are stored in browser storage after all data is successfully sent to the (command and control) server.” “That user ID is then used in mouse click events to assist attackers with 2FA on their side if necessary.”
Cyberhaven said it first detected the breach on Dec. 25 and was able to remove the malicious version of the extension within an hour. A clean version has since been released.
