While many of us were enjoying the festive spirit of Christmas Eve, cybercriminals were exploiting the holiday cheer in a more sinister manner. According to a report by Reuters, several companies observed malicious activities targeting Chrome browser extensions. Among the affected was Cyberhaven, a data protection company whose Chrome extension fell victim to a phishing attack on December 24.
Howard Ting, CEO of Cyberhaven, revealed in a company blog post, “A phishing attack compromised a Cyberhaven employee’s credentials to the Google Chrome Web Store. The attacker used these credentials to publish a malicious version of our Chrome extension (version 24.10.4).” This breach was swiftly detected by the Cyberhaven security team, who managed to remove the malicious package within an hour of its discovery.
This incident underscores a worrying trend where hackers target browser extensions, often used by millions, to steal personal data or inject harmful software.
Widespread Impact and Swift Response
The intrusion was specifically timed to exploit the holiday downtime. Cyberhaven reported that the malicious code was active from 1:32 AM UTC on December 25 until 2:50 AM UTC on December 26. Only Chrome-based browsers that auto-updated during this period were compromised. The quick response from Cyberhaven’s team mitigated the potential damage, as affected users were promptly notified and a secure version of the extension was released shortly thereafter.
Broader Concerns Across Chrome’s Web Store
Cyberhaven’s ordeal was not an isolated case. Jaime Blasco, co-founder of Nudge Security, informed Reuters of similar incidents affecting other popular Chrome extensions. On the social media platform X, Blasco highlighted several compromised extensions, including:
– Internxt VPN – Free, Encrypted & Unlimited VPN (10,000 users)
– VPNCity – Fast & Unlimited VPN | Unblocker (50,000 users)
– Uvoice (40,000 users)
– ParrotTalks (40,000 users)
These breaches indicate a large-scale attack targeting various extensions available on the Chrome Web Store.
A Growing List of Compromised Extensions
The scope of this security threat extends further, as cybersecurity practitioner John Tuckner discovered additional extensions embedded with malicious code. According to Bleeping Computer, the affected extensions include Bookmark Favicon Changer, Castorus, Wayin AI, and several others tailored for productivity and communication.
For users of these extensions, it is crucial to check for recent updates and confirm whether the developers have addressed this security issue. In light of these attacks, resetting passwords and reviewing account security settings is advisable, even if your extensions have not been directly compromised.
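One way to run that check across a machine, as an added example that is not from Cyberhaven or any of the reports cited here: the script walks a Chrome profile's Extensions directory (layout `<extension id>/<version>_0/manifest.json`) and reports installed extensions whose names match those listed above, flagging the one version number the article gives. Matching by name substring is an assumption, since the article lists no extension IDs.

```python
import json
import sys
from pathlib import Path

# Names taken from the article; matched as lowercase substrings (assumption).
NAMED = ["cyberhaven", "internxt vpn", "vpncity", "uvoice", "parrottalks",
         "bookmark favicon changer", "castorus", "wayin ai"]
# The only malicious version number the article gives.
KNOWN_BAD = {"cyberhaven": "24.10.4"}

def display_name(version_dir, manifest):
    """Resolve the manifest 'name', following a __MSG_key__ reference into _locales."""
    name = manifest.get("name", "")
    if not (name.startswith("__MSG_") and name.endswith("__")):
        return name
    key = name[6:-2].lower()  # message keys are case-insensitive
    locale = manifest.get("default_locale", "en")
    try:
        messages = json.loads(
            (version_dir / "_locales" / locale / "messages.json").read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):
        return name  # leave the placeholder if the locale file is unusable
    for k, v in messages.items():
        if k.lower() == key and isinstance(v, dict):
            return v.get("message", name)
    return name

def audit_extensions(extensions_dir):
    """Return (extension_id, name, version, verdict) for each named extension found."""
    findings = []
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
            name = display_name(path.parent, manifest)
        except (OSError, ValueError, AttributeError):
            continue  # unreadable or malformed manifest: skip it
        version = str(manifest.get("version", ""))
        for needle in NAMED:
            if needle in name.lower():
                verdict = ("known-malicious version" if KNOWN_BAD.get(needle) == version
                           else "named in reports")
                findings.append((path.parent.parent.name, name, version, verdict))
                break
    return findings

if __name__ == "__main__":
    for finding in audit_extensions(sys.argv[1]):
        print(*finding, sep="\t")
```

A "named in reports" result means only that the installed extension shares a name with one listed above; confirm the affected versions with the developer before removing or trusting it.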
This series of attacks on Chrome extensions serves as a stark reminder of the vulnerabilities that come with browser add-ons. Users must exercise increased caution, regularly update their software, and stay informed about potential threats. As browser extensions continue to play a significant role in our daily online interactions, understanding and mitigating these risks becomes paramount for maintaining digital security and privacy.
This incident, occurring during a time traditionally reserved for joy and celebration, highlights the persistent vigilance required in our increasingly connected world.