

Ethical Hacking News

A Web of Deceit: The Global Campaign Targeting Browser Extensions


Dozens of popular Chrome extensions have been compromised, exposing millions of users to data theft and credential exposure. A global phishing campaign targeting browser extension publishers has left security experts on high alert.

  • Dozens of popular Chrome extensions have been compromised, exposing millions of users to data theft and credential exposure.
  • A coordinated phishing campaign was used to target publishers of browser extensions on the Chrome Web Store.
  • A malicious extension was approved for publication and used to exfiltrate user data from a cybersecurity firm's browser extension.
  • Browser extensions are often granted extensive permissions to sensitive user information, making them an attractive target for attackers.
  • The attack highlights the need for increased vigilance among browser extension developers and users alike.



    A recent string of attacks has left browser security experts and researchers on high alert, as dozens of popular Chrome extensions have been compromised, exposing millions of users to data theft and credential exposure.

    The malicious campaign, which appears to be a coordinated effort across multiple domains, targeted publishers of browser extensions on the Chrome Web Store via phishing campaigns. The attackers used their access permissions to insert malicious code into legitimate extensions in order to steal cookies and user access tokens.

    At the center of this web of deceit is Cyberhaven, a cybersecurity firm that was one of the first to shed light on the campaign. According to reports, one of its employees received a phishing email purporting to come from Google Chrome Web Store Developer Support, which appeared to be an urgent message about a violation of Developer Program Policies. The employee was tricked into granting permissions to a malicious OAuth application named "Privacy Policy Extension," which ultimately allowed the attackers to upload a malicious Chrome extension to the Chrome Web Store.

    The malicious extension was later approved for publication, and it is believed that the attackers used its access to exfiltrate user data from Cyberhaven's browser extension. This incident highlights the vulnerability of browser extensions as a source of security breaches, despite their widespread use and popularity.

    "It's clear that these attacks are highly sophisticated, using phishing campaigns and exploiting the trust of legitimate publishers," said Or Eshed, CEO of LayerX Security. "Browser extensions are often granted extensive permissions to sensitive user information, making them an attractive target for attackers."

    Further investigation has uncovered additional domains resolving to the same IP address as the C&C server used in the Cyberhaven breach, suggesting a coordinated effort across multiple targets. Additional extensions suspected of being compromised include Google Sheets and those offered by platforms Secure Annex and Extension Total.

    The attack highlights the need for increased vigilance among browser extension developers and users alike. "Many organizations don't even know what extensions they have installed on their endpoints," noted Jamie Blasco, CTO of SaaS security company Nudge Security. "It's essential that they take steps to monitor their extensions and keep them up-to-date with the latest security patches."
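
One way to start the extension inventory described above, as an added example that is not from the article or from any vendor it names: the script walks a Chrome profile's Extensions directory and lists each extension with the broad permissions its manifest requests. The RISKY shortlist, the function names and the sample manifests (with made-up extension IDs) are assumptions constructed for the example.

```python
import json
import tempfile
from pathlib import Path

# Shortlist chosen for this example (an assumption, not an official ranking):
# permissions that expose cookies, session tokens or the content of every page.
RISKY = {"cookies", "webRequest", "scripting", "tabs", "history",
         "<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def strings(value):
    # Keep only string entries; some manifests hold objects in these lists.
    return {v for v in value if isinstance(v, str)} if isinstance(value, list) else set()

def inventory(extensions_dir):
    """Report every <extension id>/<version>/manifest.json under a Chrome
    profile's Extensions directory, with the risky grants each one requests."""
    records = []
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        rec = {"id": path.parts[-3], "dir": path.parts[-2], "error": False}
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
            # Manifest V2 mixes host patterns into "permissions"; V3 splits them out.
            asked = strings(manifest.get("permissions")) | strings(manifest.get("host_permissions"))
            for script in manifest.get("content_scripts") or []:
                asked |= strings(script.get("matches"))
            rec.update(name=manifest.get("name", "?"), version=manifest.get("version", "?"),
                       risky=sorted(asked & RISKY))
        except (OSError, ValueError, AttributeError, TypeError):
            rec["error"] = True  # unreadable or malformed manifest: report, don't skip
        records.append(rec)
    return records

def build_sample(root):
    """Write two constructed manifests (made-up IDs) in the on-disk layout."""
    samples = {
        "a" * 32: {"name": "Notes", "version": "1.2", "permissions": ["storage"]},
        "b" * 32: {"name": "Helper", "version": "0.9", "permissions": ["cookies"],
                   "host_permissions": ["<all_urls>"]},
    }
    for ext_id, manifest in samples.items():
        target = Path(root) / ext_id / (manifest["version"] + "_0")
        target.mkdir(parents=True)
        (target / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for rec in inventory(tmp):
            print(rec)
```

Point `inventory()` at a real profile's Extensions directory (for example `~/.config/google-chrome/Default/Extensions` on Linux) to audit an endpoint; comparing the output between runs shows when an installed extension's version or requested permissions change.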

    As researchers continue to investigate this campaign, it is clear that browser extension security will remain a pressing concern in the world of cyber threats.



    Related Information:

  • https://thehackernews.com/2024/12/16-chrome-extensions-hacked-exposing.html

  • https://www.msn.com/en-us/technology/cybersecurity/these-30-chrome-extensions-were-all-breached-and-millions-of-users-are-affected/ar-AA1wK7Ef


  • Published: Wed Jan 1 01:05:39 2025 by llama3.2 3B Q4_K_M













         

