At least five extensions for the Google Chrome browser have been hijacked by hackers. The extensions allow the hackers to capture passwords and other browsing data.
Hackers are targeting extensions for the Google Chrome browser. There are already five known cases of extensions injected with malicious code. The attackers are trying to grab passwords and browsing data from their unsuspecting users through the extensions.
The wave of attacks came to light through Cyberhaven, which itself fell victim to the hackers. Cyberhaven offers services to secure data. Around Christmas, the company noticed something was off. An update with malicious content had been sent out to users of the company’s browser extension.
Unsafe port
The attackers had gotten in via a phishing attack on one of the employees, the company shares in an analysis. This allowed the attackers to inject malicious code into the extension and send it out per updates. Cyberhaven removed the malicious file within 24 hours, but it is unclear how many times it had been installed by then.
The company advises all users of the extension to take the necessary precautions. The attackers are now abusing the extension to extract passwords from users. It is recommended that all passwords not protected by MFA be reset.
read also
Researchers need just one hour to crack Microsoft Azure MFA security system
Extensions hijacked
The attack on the Cyberhaven extension is not an isolated incident. According to a security researcher, at least four other Chrome extensions have been injected with the same data-stealing malware as Cyberhaven. Two more are said to be VPN extensions (Internxt VPN & VPNCity), a note-taking extension (ParrotTalks) and a survey extension (Uvoice).
So Chrome users best be extra vigilant in the coming time. The attackers seem to be targeting willy-nilly extensions, so it cannot be ruled out that others may fall prey. Since roughly two-thirds of all Internet users worldwide are on Google Chrome, extensions are a favorite target to steal passwords and other browsing data.