A sophisticated cyberattack campaign has targeted 16 Chrome extensions to steal sensitive data of Facebook ad users. According to an initial investigation by the cybersecurity firm Cyberhaven, the malicious code was designed to steal sensitive data, including access tokens, user IDs, account information, cookies, and other sensitive data.
Google Chrome extensions attack: Key details
According to a new report by Reuters, security researcher Jaime Blasco has stated that the attack was a random malware injection and not targeting Cyberhaven specifically. Further, he added that VPN and AI extensions containing the same malicious code that was inserted into Cyberhaven were responsible for security breaches for other firms.
Cyberhaven has a prestigious list of customers, using its servers such as Snowflake, Motorola, Canon, Reddit, AmeriHealth, Upstart, and others. The cybersecurity company reported in a blog post that its Chrome extension was hacked on December 24, in an attack targeting logins to certain social media advertising and AI platforms. Other extensions, including ParrotTalks, Uvoice, and VPNCity, and 13 other Chrome extensions were also affected.
However, according to the company, the incident was brief and limited. Only version 24.10.4 of the Cyberhaven Chrome extension was affected, and the malicious code was active for less than a day. Till now, Cyberhaven has declined to comment about how many affected customers it had notified about the breach and assured that only Chrome browsers that auto-updated during the time of the cyberattack were impacted.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
