A sophisticated cyberattack has compromised at least 35 Chrome browser extensions, potentially exposing over 2.6 million users to data theft and credential stealing.
The campaign began with a phishing attack targeting a Cyberhaven employee, granting attackers access to their Chrome Web Store account. This allowed them to inject malicious code into the Cyberhaven extension, which was subsequently downloaded by numerous users.
Further investigation revealed that this was not an isolated incident. Multiple other extensions, including popular tools for AI assistance, VPNs, and video recording, were also compromised, likely through similar phishing attacks.
These malicious extensions collected user data, including cookies, access tokens, and potentially even sensitive financial information. Some extensions even contained code designed to steal Facebook login credentials.
Attack like these highlights the growing threat of compromised browser extensions. As these extensions often have broad access to user data and browsing activity, they can be a significant entry point for cybercriminals.
Users are advised to exercise caution when installing browser extensions, carefully vetting their source and checking for any suspicious activity. Developers are also urged to implement strong security measures to protect their accounts and prevent unauthorised access.
This ongoing campaign underscores the importance of vigilant security practices in the ever-evolving threat landscape of online activity.