BleepingComputer reports that at least 35 Google Chrome extensions used by nearly 2.6 million users have been compromised with data-exfiltrating code as part of a phishing campaign that was initially reported to have impacted an extension developed by cybersecurity firm Cyberhaven.

While Google Groups and LinkedIn reports indicated that the campaign began in early December, the attack may have been tested since March, as evidenced by command-and-control subdomains discovered by BleepingComputer. The intrusions used the "supportchromestore.com," "forextensions.com," and "chromeforextension.com" domains to target extension developers with phishing emails falsely claiming policy violations. Clicking the included 'Go To Policy' button redirects targets to a malicious authentication request that would provide threat actors with Chrome Web Store extension permissions.

Further examination of the campaign revealed that it primarily targeted extension users' Facebook accounts, with the injected code seeking to compromise Facebook IDs, account info and tokens, and business accounts, while evading the social media platform's two-factor authentication defenses.
Application security, Data Security, Breach, Threat Intelligence

More details on widespread Chrome extension compromise emerge




