Cybersecurity firm's Chrome extension hijacked to steal users' data

Gandalf_The_Grey

At least five Chrome extensions were compromised in a coordinated attack where a threat actor injected code that steals sensitive information from users.

One attack was disclosed by Cyberhaven, a data loss prevention company that alerted its customers of a breach on December 24 after a successful phishing attack on an administrator account for the Google Chrome store.

Among Cyberhaven's customers are Snowflake, Motorola, Canon, Reddit, AmeriHealth, Cooley, IVP, Navan, DBS, Upstart, and Kirkland & Ellis.

The hacker hijacked the employee’s account and published a malicious version (24.10.4) of the Cyberhaven extension, which included code that could exfiltrate authenticated sessions and cookies to the attacker's domain (cyberhavenext[.]pro).

Cyberhaven's internal security team removed the malicious package within an hour of its detection, the company says in an email to its customers.
 

Jonny Quest

Almost 50-70% of these threats are on .xyz and .pro domains. I advise everyone to block them and live more peacefully. In Eset you can do it with a simple rule like “*.xyz”. Or connect nextdns or controld. :)
Thanks, in being newer to ESET, by following these steps?

 

Gandalf_The_Grey

New details reveal how hackers hijacked 35 Google Chrome extensions
New details have emerged about a phishing campaign targeting Chrome browser extension developers that led to the compromise of at least thirty-five extensions to inject data-stealing code, including those from cybersecurity firm Cyberhaven.

Although initial reports focused on Cyberhaven's security-focused extension, subsequent investigations revealed that the same code had been injected into at least 35 extensions collectively used by roughly 2,600,000 people.

From reports on LinkedIn and Google Groups from targeted developers, the latest campaign started around December 5th, 2024. However, earlier command and control subdomains found by BleepingComputer existed as far back as March 2024.

"I just wanted to alert people to a more sophisticated phishing email than usual that we got that stated a Chrome Extension policy violation of the form: 'Unnecessary details in the description'," reads the post in Google Groups' Chromium Extensions group.

"The link in this email looks like the webstore but goes to a phishing website that will try to take control of your chrome extension and likely update it with malware."
 

Gandalf_The_Grey

Time to check if you ran any of these 33 malicious Chrome extensions
As many of us celebrated the year-end holidays, a small group of researchers worked overtime tracking a startling discovery: At least 33 browser extensions hosted in Google’s Chrome Web Store, some for as long as 18 months, were surreptitiously siphoning sensitive data from roughly 2.6 million devices.

The compromises came to light with the discovery by data loss prevention service Cyberhaven that a Chrome extension used by 400,000 of its customers had been updated with code that stole their sensitive data.
 

HarborFront


Remove these extensions from your web browser

The browser extension security platform Secure Annex has launched its own investigation into this hacking campaign. So far, it has uncovered over twenty additional compromised extensions, which are listed below. If you have any of the compromised extensions listed in Secure Annex's investigation installed on your browser, it’s essential to remove them immediately to protect your data.

  1. AI Assistant - ChatGPT and Gemini for Chrome
  2. Bard AI Chat Extension
  3. GPT 4 Summary with OpenAI
  4. Search Copilot AI Assistant for Chrome
  5. TinaMInd AI Assistant
  6. Wayin AI
  7. VPNCity
  8. Internxt VPN
  9. Vindoz Flex Video Recorder
  10. VidHelper Video Downloader
  11. Bookmark Favicon Changer
  12. Castorus
  13. Uvoice
  14. Reader Mode
  15. Parrot Talks
  16. Primus
  17. Tackker - online keylogger tool
  18. AI Shop Buddy
  19. Sort by Oldest
  20. Rewards Search Automator
  21. ChatGPT Assistant - Smart Search
  22. Keyboard History Recorder
  23. Email Hunter
  24. Visual Effects for Google Meet
  25. Earny - Up to 20% Cash Back
  26. Cyberhaven security extension V3
  27. GraphQL Network Inspector
  28. Vidnoz Flex - Video recorder & Video share
  29. YesCaptcha assistant
  30. Proxy SwitchyOmega (V3)
  31. ChatGPT App
  32. Web Mirror
  33. Hi AI
Keeping these extensions installed is a serious risk since hackers can still access your data even if the malicious version has been taken down from the Chrome Web Store.
Read more: Hacked Chrome extensions put 2.6 million users at risk of data leak
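A quick local check against the names in that list, written here as an added example (it is not code from the post, from Secure Annex or from Cyberhaven): it walks a Chrome profile's Extensions directory, resolves localised manifest names, and reports any match. The Linux profile path in the usage note is an assumption; on Windows and macOS the Extensions folder sits under the same Default profile directory.

```python
import json
from pathlib import Path

# Extension names from the Secure Annex list in the post above (as printed there).
COMPROMISED_NAMES = {
    "AI Assistant - ChatGPT and Gemini for Chrome", "Bard AI Chat Extension",
    "GPT 4 Summary with OpenAI", "Search Copilot AI Assistant for Chrome",
    "TinaMInd AI Assistant", "Wayin AI", "VPNCity", "Internxt VPN",
    "Vindoz Flex Video Recorder", "VidHelper Video Downloader",
    "Bookmark Favicon Changer", "Castorus", "Uvoice", "Reader Mode",
    "Parrot Talks", "Primus", "Tackker - online keylogger tool", "AI Shop Buddy",
    "Sort by Oldest", "Rewards Search Automator", "ChatGPT Assistant - Smart Search",
    "Keyboard History Recorder", "Email Hunter", "Visual Effects for Google Meet",
    "Earny - Up to 20% Cash Back", "Cyberhaven security extension V3",
    "GraphQL Network Inspector", "Vidnoz Flex - Video recorder & Video share",
    "YesCaptcha assistant", "Proxy SwitchyOmega (V3)", "ChatGPT App",
    "Web Mirror", "Hi AI",
}

def _norm(name):
    # Compare case- and whitespace-insensitively; the listed names are stored the same way.
    return " ".join(name.lower().split())

_COMPROMISED = {_norm(n) for n in COMPROMISED_NAMES}

def resolve_name(manifest, messages=None):
    # Chrome manifests may carry "__MSG_key__" instead of a literal name; the real
    # string then lives in _locales/<default_locale>/messages.json (passed as a dict).
    name = manifest.get("name", "")
    if name.startswith("__MSG_") and name.endswith("__") and messages:
        name = messages.get(name[6:-2], {}).get("message", name)
    return name

def is_compromised(name):
    return _norm(name) in _COMPROMISED

def scan_extensions(ext_root):
    # Walk <profile>/Extensions/<id>/<version>/manifest.json and return
    # (extension id, version, resolved name) for every listed name found.
    hits = []
    for mf in Path(ext_root).glob("*/*/manifest.json"):
        manifest = json.loads(mf.read_text(encoding="utf-8-sig"))
        msgs = mf.parent / "_locales" / manifest.get("default_locale", "en") / "messages.json"
        messages = json.loads(msgs.read_text(encoding="utf-8-sig")) if msgs.is_file() else None
        name = resolve_name(manifest, messages)
        if is_compromised(name):
            hits.append((mf.parent.parent.name, mf.parent.name, name))
    return sorted(hits)
```

Run it as `scan_extensions(Path.home() / ".config/google-chrome/Default/Extensions")` (assumed Linux path) and treat a hit as a prompt to confirm the extension ID against the Secure Annex write-up, since generic names such as "Reader Mode" can also belong to unrelated extensions.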
 
