Hackers were reportedly able to modify several Chrome extensions with malicious code this month after gaining access to admin accounts through a phishing campaign. Cybersecurity company Cyberhaven participated in a This weekend, its Chrome extension was compromised on December 24 in an attack that appeared to “target logins for certain ads on social media and AI platforms.” Some other stretches were also hit, starting in mid-December. I mentioned. According to Nudge Security Which include ParrotTalks, Uvoice, and VPNCity.
Cyberhaven notified its customers on December 26 in an email I reviewed which advised them to revoke and rotate their passwords and other credentials. The company’s initial investigation into the incident found that the malicious extension targeted Facebook Ads users, with the aim of stealing data such as access tokens, user IDs, and other account information, along with cookies. The code also added a mouse click listener. “After all data is successfully sent to the (Command and Control) server, the Facebook user ID is saved in the browser storage,” Cyberhaven said in its analysis. “This user ID is then used in mouse click events to assist attackers with two-factor authentication on their end if necessary.”
Cyberhaven said it first discovered the hack on December 25 and was able to remove the malicious version of the extension within an hour. A clean version has since been released.
https://s.yimg.com/ny/api/res/1.2/Gb00ZcTqtUwa7Wyl3TPwnA–/YXBwaWQ9aGlnaGxhbmRlcjt3PTEyMDA7aD04MDA-/https://s.yimg.com/os/creatr-uploaded-images/2024-12/c9e02fd0-c62f-11ef-9cfd-1cfb7b6d357e
Source link