Recent reports reveal that several companies experienced significant cybersecurity breaches this Christmas due to hackers targeting their Chrome extensions.
A cybersecurity incident involving malicious code injections into Chrome extensions was first detected by an impacted company. The cyberattack aimed to compromise user data, including web browser cookies and authentication credentials. Hackers primarily sought access to social media advertising accounts, with a focus on Facebook Ads accounts, as well as credentials for AI platforms.
The malicious code was introduced through an updated version of the affected Chrome extension, which was distributed to users on Christmas Eve. The breach was identified the following day, prompting a swift response from the affected company, which released a fix within an hour and began notifying users of the situation shortly thereafter.
Additional Chrome extensions reported to have been compromised include Internxt VPN, ParrotTalks, Uvoice, and VPNCity, each boasting tens of thousands of users according to public statistics.
The initial compromise occurred when a hacker successfully targeted an employee of the affected company through a phishing email aimed at Chrome extension developers. The employee, misled into believing the email was from an official source, entered their login information on a fraudulent page.
While the attackers did not seem to focus on any specific organizations, the incident highlights a broader mass phishing campaign that can affect various recipients. The extent of the impact on users of the compromised Chrome extensions remains uncertain.
Topics
Cybersecurity
Google
