Hackers attack Chrome extensions for Christmas
California-based cybersecurity company Cyberhaven reported that its systems were attacked on Christmas Eve, 24 December 2024.
Here's What We Know
The hackers targeted Chrome browser extensions, but the company did not specify the purpose of the attack and does not know who is behind the incident. Cyberhaven is currently cooperating with federal law enforcement agencies and has also engaged Google-owned Mandiant in the investigation.
The company does not consider itself the main target of the attack. The attack on its extension is part of a larger operation that affected several other Chrome extensions from different companies. The names of these companies are not disclosed.
According to the co-founder of Nudge Security, he has noticed several extensions that have been affected by similar attacks, some of which may have fallen victim as early as mid-December.
The cybercriminals had likely been controlling some of the add-ons for some time. In the case of Cyberhaven, the extension was under the control of the attackers for more than a day. The company stated that it removed the malware from the Chrome Store within an hour of discovering the problem. However, users who managed to install it remained vulnerable for at least 30 hours.
The malicious update allowed users to steal information, including passwords, and access cookies and sessions. Extension owners should update their versions, but do not delete them, as parts of the malicious code can be used for further analysis. In addition, Cyberhaven recommends that users change their passwords and check their activity for malicious activity.
Although the exact details of the attack have not been disclosed, there is speculation that a phishing attack on one of the company's employees could have been one of the causes of the incident.
Source: Reuters
