Hackers hijacked legitimate Chrome extensions to try to steal data

Hackers hijacked legitimate Chrome extensions to try to steal data

Briefly

A cyberattack campaign has inserted malicious code into multiple Chrome browser extensions, targeting specific social media advertising and AI platforms, beginning in mid-December.

The Vergehttps://www.theverge.com/2024/12/28/24330758/chrome-extension-cyberhaven-hijack-phishing-cyberattack-facebook-ads-authentication-theft

Cyberhaven believes a phishing email initiated the attack, with the malicious code targeting Facebook Ads accounts and spreading to VPN and AI extensions.

The Vergehttps://www.theverge.com/2024/12/28/24330758/chrome-extension-cyberhaven-hijack-phishing-cyberattack-facebook-ads-authentication-theft

Security researcher Jaime Blasco found the same malicious code in various extensions, indicating a broader, random attack rather than a directed effort against Cyberhaven.

The Vergehttps://www.theverge.com/2024/12/28/24330758/chrome-extension-cyberhaven-hijack-phishing-cyberattack-facebook-ads-authentication-theft

Following the attack, Cyberhaven issued a clean version of their data loss prevention extension after identifying and removing the malicious code shortly after its discovery.

The Vergehttps://www.theverge.com/2024/12/28/24330758/chrome-extension-cyberhaven-hijack-phishing-cyberattack-facebook-ads-authentication-theft