While you were wrapping presents or spending time with friends and family on Christmas Eve, hackers were busy looking for ways to steal your data. Reuters reports that multiple companies have seen their Chrome browser extensions hijacked by cybercriminals in recent days, such as the data protection company Cyberhaven on December 24.
“On December 24, a phishing attack compromised a Cyberhaven employee’s credentials to the Google Chrome Web Store,” Cyberhaven CEO Howard Ting wrote on the company’s blog. “The attacker used these credentials to publish a malicious version of our Chrome extension (version 24.10.4). Our security team detected this compromise at 11:54 PM UTC on December 25 and removed the malicious package within 60 minutes.”
Ting says only Chrome-based browsers that auto-updated while the malicious code was active from 1:32 AM UTC on December 25 to 2:50 AM UTC on December 26 were affected. All users who were impacted by the hack were notified by Cyberhaven on December 26, and the team has since published a secure version of the extension.
Unfortunately, this wasn’t an isolated incident for Chrome extensions.
Nudge Security co-founder Jaime Blasco tells Reuters that hackers have similarly hijacked other browser extensions, indicating this is part of a large attack. On X, Blasco pointed to several more extensions with malicious code that he found on the Chrome Web Store:
Internxt VPN – Free, Encrypted & Unlimited VPN (10,000 users)
VPNCity – Fast & Unlimited VPN | Unblocker (50,000 users)
Uvoice (40,000 users)
ParrotTalks (40,000 users)
Even that is just the tip of the iceberg. In a lengthy blog post that is still being regularly updated, cybersecurity practitioner John Tuckner found more extensions containing the familiar malicious code (via Bleeping Computer): Bookmark Favicon Changer, Castorus, Wayin AI, Search Copilot AI Assistant, VidHelper, Vidnoz Flex, TinaMind, Primus, AI Shop Buddy, Sort by Oldest, Earny, ChatGPT Assistant, Keyboard History Recorder, and Email Hunter.
If you use any of these extensions, you should check to see if they have been updated recently and if the developer is aware of this attack. Either way, you might want to reset all of your passwords anyway if you think there’s any chance you’ve been affected.
The post Hackers are hijacking Chrome extensions in an attempt to steal your data appeared first on BGR.
Today’s Top Deals
Today’s deals: $40 Magic Bullet, $38 Sony Bluetooth speaker, $25 myQ, Energizer batteries, more
Today’s deals: $250 Apple iPad 10, $25 Crest 3D Whitestrips, laptop deals, $100 off Bose SoundLink Max, more
Today’s deals: $329 Apple Watch Series 10, $79 Vizio soundbar, 20% off Bowers & Wilkins Pi8 earbuds, more
Today’s deals: 20% off Amazon gift cards, $100 Beats Pill, $60 Oral-B iO electric toothbrush, $100 Nextmug, more
Hackers are hijacking Chrome extensions in an attempt to steal your data originally appeared on BGR.com on Mon, 30 Dec 2024 at 20:34:00 EDT. Please see our terms for use of feeds.