Hackers Compromise Google Chrome Extensions in Major Cyberattack
A coordinated cyberattack has hijacked several popular Google Chrome extensions, injecting malicious code designed to steal user data and credentials. The attack, which targeted both businesses and individuals, was first identified by cybersecurity firm Cyberhaven.
The Attack: What Happened?
According to Cyberhaven, hackers infiltrated Chrome extensions such as Internxt VPN, ParrotTalks, Uvoice, and VPNCity, as well as Cyberhaven's own extension. These extensions collectively serve tens of thousands of users.
The hackers gained access to the extensions by phishing Chrome developers. One Cyberhaven employee fell victim to the phishing email, believing it was from Google, and inadvertently provided their login credentials to the attackers. Once inside, the hackers pushed a malicious update to affected Chrome extensions on Christmas Eve, compromising user data such as browser cookies and social media advertising accounts, particularly Facebook Ads credentials.
Swift Response
Cyberhaven detected the breach on Christmas Day and rolled out a fix within an hour. By December 27, the company had notified affected users via email. Other impacted extensions are also working to mitigate the damage, but it remains unclear how many users have been affected overall.
Key Points of Concern
Scope: Extensions like Internxt VPN and ParrotTalks were compromised, exposing users to potential data theft.
Target: While the attack seemed indiscriminate, it focused on valuable credentials like social media and AI platform logins.
Method: A mass phishing campaign aimed at Chrome developers allowed attackers to bypass security and alter the extensions.
What Can Users Do?
1. Update Extensions: Ensure all Chrome extensions are up to date to receive security patches.
2. Change Passwords: Users of affected extensions should reset passwords for sensitive accounts, including social media.
3. Enable 2FA: Use two-factor authentication for additional security.
4. Stay Vigilant: Be cautious of phishing emails, particularly those claiming to be from official sources like Google.
Conclusion
This incident highlights the vulnerability of browser extensions as potential attack vectors. Users are encouraged to regularly review and manage their extensions, and developers should adopt stricter security practices to protect their tools from malicious exploitation. As cybersecurity threats grow, proactive measures remain the best defense.
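The extension review recommended above can be scripted. The following is an added example, not part of the original article or any vendor's tooling: it reads each manifest.json under a Chrome profile's Extensions directory and reports the version, cookie access, all-site access, and whether the name matches an extension listed in this article. The sample profile, extension IDs and versions are constructed, and matching by display name is an assumption because the article gives no extension IDs.

```python
import json
import tempfile
from pathlib import Path

# Names taken from the article; matching on display name is a heuristic (assumption),
# since the article gives no extension IDs or affected version numbers.
REPORTED_NAMES = ("internxt vpn", "parrottalks", "uvoice", "vpncity", "cyberhaven")
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def audit_extensions(extensions_dir):
    """Walk <Extensions>/<id>/<version>/manifest.json and summarise each manifest."""
    findings = []
    for manifest_path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8-sig"))
            name = str(manifest.get("name", ""))
        except (OSError, ValueError, AttributeError):
            continue  # unreadable, corrupt or non-object manifest: skip, keep auditing
        # MV2 keeps host patterns in "permissions"; MV3 moves them to "host_permissions".
        perms = [p for key in ("permissions", "host_permissions")
                 for p in (manifest.get(key) or []) if isinstance(p, str)]
        findings.append({
            "id": manifest_path.parts[-3],
            "name": name,
            "version": manifest.get("version"),
            "reads_cookies": "cookies" in perms,
            "all_sites": any(p in BROAD_HOSTS for p in perms),
            "named_in_report": any(n in name.lower() for n in REPORTED_NAMES),
        })
    return findings

def build_sample_profile(root):
    """Constructed sample data: two fake extensions with made-up IDs and versions."""
    samples = {
        "a" * 32: {"name": "ParrotTalks", "version": "0.0.1", "manifest_version": 3,
                   "permissions": ["cookies", "storage"], "host_permissions": ["<all_urls>"]},
        "b" * 32: {"name": "Sample Notes", "version": "2.3.0", "manifest_version": 3,
                   "permissions": ["storage"]},
    }
    for ext_id, manifest in samples.items():
        version_dir = Path(root) / ext_id / (manifest["version"] + "_0")
        version_dir.mkdir(parents=True)
        (version_dir / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for row in audit_extensions(build_sample_profile(tmp)):
            print(row)
```

Extensions whose manifest name is a localized `__MSG_...__` placeholder will not match by name, so treat the name flag as a starting point and review the cookie and all-site columns for every installed extension.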