Cyberhaven reported that hackers injected malicious code into Chrome extensions to steal sensitive user data such as web browser cookies and account authentication. This attack focused on accessing social media advertising accounts, particularly Facebook Ads, and AI platform credentials.
The compromised Chrome extension was updated with malicious code on Christmas Eve, and Cyberhaven was alerted to the hack on Christmas Day, responding quickly to push out a fix.
The initial breach stemmed from a phishing email targeting a Cyberhaven employee who mistakenly believed the email was from an official Google source, resulting in credential theft.
The attack on Chrome extensions involved multiple affected companies, with malicious updates noted in extensions like Internxt VPN and ParrotTalks, potentially impacting tens of thousands of users.
Collection
[
|
...
]