Hackers were reportedly able to modify several Chrome extensions with malicious code this month after gaining access to admin accounts through a phishing campaign. The cybersecurity company Cyberhaven shared in a blog post this weekend that its Chrome extension was compromised on December 24 in an attack that appeared to be “targeting logins to specific social media advertising and AI platforms.” A few other extensions were hit as well, going back to mid-December, Reuters reported. According to Nudge Security’s Jaime Blasco, that includes ParrotTalks, Uvoice and VPNCity.
Cyberhaven notified its customers on December 26 in an email seen by TechCrunch, which advised them to revoke and rotate their passwords and other credentials. The company’s initial investigation of the incident found that the malicious extension targeted Facebook Ads users, with a goal of stealing data such as access tokens, user IDs and other account information, along with cookies. The code also added a mouse click listener. “After successfully sending all the data to the [Command & Control] server, the Facebook user ID is saved to browser storage,” Cyberhaven said in its analysis. “That user ID is then used in mouse click events to help attackers with 2FA on their side if that was needed.”
Cyberhaven said it first detected the breach on December 25 and was able to remove the malicious version of the extension within an hour. It’s since pushed out a clean version.
This article originally appeared on Engadget at https://www.engadget.com/cybersecurity/hackers-injected-malicious-code-into-several-chrome-extensions-in-recent-attack-220648155.html?src=rss https://www.engadget.com/cybersecurity/hackers-injected-malicious-code-into-several-chrome-extensions-in-recent-attack-220648155.html?src=rssConnectez-vous pour ajouter un commentaire
Autres messages de ce groupe
Tubi isn’t the only service touting its Su
With Super Bowl LIX only a few days away, it's a decent time to grab a new TV at a discount. If you're hoping t
Amazon is set to show off some new stuff later this month. The company has scheduled a devices event for February 26 in New York City. The company's hardware chief, Panos Panay, and his devices and
There's a reason I didn't pick up my first pair of over-ear headphones until last year: they're expensive. But, that's where nice sales come in handy. And, there's a very nice sale going on right n
Smart rings have been a niche inside a niche in the wearables world for more than a decade. But in the last few years, they’ve enjoyed a renaissance as more attention and hype brought bigger names
