"Cybersecurity researchers have discovered five new malicious Google Chrome web browser extensions that masquerade as human resources (HR) and enterprise resource planning (ERP) platforms like Workday, NetSuite, and SuccessFactors to take control of victim accounts. "The extensions work in concert to steal authentication tokens, block incident response capabilities, and enable complete account takeover through session hijacking," Socket security researcher Kush Pandya said in a Thursday report. The names of the extensions are listed below -"
"DataByCloud Access (ID: oldhjammhkghhahhhdcifmmlefibciph, Published by: databycloud1104) - 251 Installs Tool Access 11 (ID: ijapakghdgckgblfgjobhcfglebbkebf, Published by: databycloud1104) - 101 Installs DataByCloud 1 (ID: mbjjeombjeklkbndcjgmfcdhfbjngcam, Published by: databycloud1104) - 1,000 Installs DataByCloud 2 (ID: makdmacamkifdldldlelollkkjnoiedg, Published by: databycloud1104) - 1,000 Installs Software Access (ID: bmodapcihjhklpogdpblefpepjolaoij, Published by: Software Access) - 27 Installs"
"All of them, with the exception of Software Access, have been removed from the Chrome Web Store as of writing. That said, they are still available on third-party software download sites such as Softonic. The add-ons are advertised as productivity tools that offer access to premium tools for different platforms, including Workday, NetSuite, and other platforms.. Two of the extensions, DataByCloud 1 and DataByCloud 2, were first published on August 18, 2021."
Five malicious Chrome extensions impersonate HR and ERP platforms such as Workday, NetSuite, and SuccessFactors to facilitate account takeover. The extensions exfiltrate cookies to attacker-controlled servers, steal authentication tokens, manipulate the DOM to block security administration pages, and enable session hijacking via cookie injection. Two publishers were used but identical functionality and infrastructure indicate a coordinated campaign. Most extensions have been removed from the Chrome Web Store, though copies persist on third-party download sites. Install counts ranged from dozens to 1,000, with two extensions first published on August 18, 2021.
Read at The Hacker News
Unable to calculate read time
Collection
[
|
...
]