Since mid-December, attackers have carried out a series of hacker attacks, as a result of which they managed to hack extensions for the Chrome browser from several companies. The Reuters news agency writes about this, citing data from one of the victims of cybercriminals, as well as experts studying the malicious campaign.
Image source: pexels.com
One of the victims of the hackers was the California-based Cyberhaven, which specializes in data protection. The company confirmed the hacking and also announced an investigation into this incident. “Cyberhaven can confirm that there was a malicious cyber attack affecting our Chrome extension on Christmas Eve. <…> We are actively cooperating with federal law enforcement agencies,” Cyberhaven said in a statement.
A company email sent to customers and published by security researcher Matt Johansen said hackers compromised the company’s account to publish a malicious update to a Chrome extension in the early hours of December 25th. The letter stated that for customers using the compromised extension, “there is a possibility of leaking sensitive information, including authenticated sessions and cookies, to the attacker’s domain.”
The company also suggested that the attack on their extension was part of a “broader campaign aimed at developers of Chrome extensions.” The scale of the negative impact from a cyber attack has not yet been determined. Browser extensions add new features and allow users to automate various tasks. In Cyberhaven’s case, the extension helps the company monitor and protect customer data flowing through web applications.
A representative of the Texas company Nudge Security, which works in the field of information security, said that it was possible to identify several more extensions for Chrome that were hacked in a similar way. At least one of them was hacked by hackers in mid-December. Other victims include extensions related to artificial intelligence-based features and virtual private networks.
If you notice an error, select it with the mouse and press CTRL+ENTER.
Source: 3dnews.ru
