EUR
en
- es
- pt
- fr
- de
- it
Published on 2024-12-31
A cyber attacker has managed to install malicious modifications to legitimate Chrome browser extensions in a 'phishing' campaign deployed during Christmas, which has affected the security firm Cyberhaven.
Cyberhaven is a cybersecurity company that developed a Chrome extension to enhance user security while using this browser. However, due to a malicious campaign, an insecure modified version was distributed for a few hours.
This was due to the 'phishing' campaign that allowed a cyber attacker to activate malicious code in the legitimate extension during Christmas, putting users of the browser version with automatic updates enabled at risk.
In this case, a 'phishing' attack succeeded in obtaining access credentials to the Chrome Web Store of a Cyberhaven employee, facilitating the publication of the malicious extension (v24.10.4).
Cyberhaven's security team detected the change and "removed the malicious package within 60 minutes," confirmed on their official blog, where they explain the situation. They then notified users, starting with those affected, about the incident and released an updated, malware-free version (v24.10.5).
Cyberhaven was not the only one affected by the 'phishing' campaign, as revealed by the investigation they have launched. "Our initial findings show that the attacker targeted logins on specific artificial intelligence and social media advertising platforms," they state.
Jaime Blasco, co-founder and Head of Technology at Nudge Security, also believes that more extensions are affected, based on his analysis of the IP address. "There are more domains created within the same time frame that resolve to the same IP address" as the malicious Cyberhaven extension.
In fact, Blasco cites that the extensions ParrotTalks, Uvoice, and VPNCity are among those affected, as reported on the social network X (formerly Twitter).
COMMENTS
No customer comments for the moment.