Skip to main content

Hackers hijacked legitimate Chrome extensions to try to steal data

A collection of warning signs, bugs, and notifications emulating malware or a cyber attack. The images are placed in a connected web against a blue background.
Illustration by Carlo Cadenas / The Verge

A cyberattack campaign inserted malicious code into multiple Chrome browser extensions as far back as mid-December, Reuters reported yesterday. The code appeared designed to steal browser cookies and authentication sessions, targeting “specific social media advertising and AI platforms,” according to a blog post from Cyberhaven, one of the companies that was targeted.

Cyberhaven blames a phishing email for the attack, writing in a separate technical analysis post that the code appeared to specifically target Facebook Ads accounts. According to Reuters, security researcher Jaime Blasco believes the attack was “just random” and not targeting Cyberhaven specifically. He posted on X that he’d found VPN and AI extensions that contained the same malicious code that was inserted into Cyberhaven.

Other extensions possibly affected include Internxt VPN, VPNCity, Uvoice, and ParrotTalks, as Bleeping Computer writes.

Cyberhaven says hackers pushed an update (version 24.10.4) of its Cyberhaven data loss prevention extension containing the malicious code on Christmas Eve at 8:32PM ET. Cyberhaven says it discovered the code on December 25th at 6:54PM ET and removed it within an hour, but that the code was active until December 25th at 9:50PM ET. The company says it released a clean version in its 24.10.5 update.

Cyberhaven’s recommendations for companies that may be affected include that they check their logs for suspicious activity and revoke or rotate any passwords not using the FIDO2 multifactor authentication standard. Prior to publishing its posts, the company notified customers via an email that TechCrunch reported Friday morning.



from The Verge - All Posts https://ift.tt/52IeXtJ
Labels:

Comments

Post a Comment

Popular posts from this blog

Pandora Stories lets artists add commentary to their own playlists

Pandora launched Stories today, a tool that lets artists and creators add voice commentary to their own playlists. The Stories feature merges podcasts with music playlists, and is meant for artists to add context to an album, or for podcasters to experiment with new storytelling formats. The feature is part of Pandora AMP, the streaming service’s free Artist Marketing Platform that helps creators promote their work. To kick off the launch, Pandora’s prepared some Stories by artists like John Legend and Daddy Yankee, who tell listeners their personal stories interspersed between their own songs. There’s also a Stories playlist called Love Songs That Aren’t Really Love Songs , which includes commentary on individual songs like a podcast... Continue reading… from The Verge - All Posts https://ift.tt/2Xz1oNc
Post a Comment
Read more

Nomad’s 3-in-1 MagSafe Charger and the Sonos One are down to their best prices

Nomad’s minimalist Base One Max 3-in-1 is on sale for $95. | Image: Nomad Fancy phone chargers are nice, but they’re often too expensive to justify the cost. Nomad’s Base One Max 3-in-1 is one of those rare unicorns that delivers a lot of value for your money, however, thus making it worth the splurge. After all, the device can simultaneously charge a MagSafe-compatible phone, your Apple Watch, and a pair of AirPods (or another Qi-compatible device) — that’s something not even Nomad’s forthcoming Qi2 charger can do. What’s even better is that Nomad is currently selling the hefty, MagSafe-certified charger in both black and silver for its Black Friday price of $95 ($55 off). Designed with metal and glass, Nomad’s minimalist slab will look slick on any desk or bedside table. It’s also powerful, delivering up to... Continue reading… from The Verge - All Posts https://ift.tt/25YJfqR
Post a Comment
Read more

Asus’ foldable laptop goes on sale for $3,499.99

The Asus Zenbook 17 Fold OLED, more or less fully unfolded.  | Photo by Monica Chin / The Verge Asus’ first foray into the world of folding-screen laptops, the Zenbook 17 Fold OLED, is now on sale for $3,499.99, the company has announced . Asus says the laptop is being sold in the US via B&H and Newegg though as of this writing only Newegg seems to have the laptop available for immediate shipping, with B&H listing it as “coming soon.” That aligns with the Q4 target date given to us when we reviewed the laptop in August . At $3,499.99, Zenbook 17 Fold OLED is eye-wateringly expensive, but my colleague Monica Chin points out that it’s the first such device that starts to deliver on the promise of this new form factor. You can either use the laptop with its 17.3-inch 2560 x 1920 screen fully unfolded and paired with a bluetooth keyboard... Continue reading… from The Verge - All Posts https://ift.tt/P4q7sej
Post a Comment
Read more