Encircle News!

Retro Game Arcade
, , ,

Google Chrome extensions hack may have started much earlier than expected

Latest from TechRadar US in News,opinion

  • New details have emerged regarding recent cyberattack
  • A malicious Google Chrome extension led to 400,000 users being infected with malware
  • Attackers were reportedly planning the campaign as early as March 2024

The recent cyberattack which hit security firm Cyberhaven and then affected a number of Google Chrome extenions may have been part of a ‘wider campaign’, new research has claimed.

A BleepingComputer investigation found the same code was injected into at least 35 Google Chrome extensions, which are being used by roughly 2.6 million users worldwide. This led to 400,000 devices being infected with malicious code through the CyberHaven extensions.

The campaign started as early as December 5, over two weeks earlier than first suspected, although command and control subdomains have been found dating back as far as March 2024.

Data loss prevention

Ironically, cybersecurity firm Cyberhaven is a startup which provides a Google Chrome extension aimed at preventing sensitive data loss from unapproved platforms, such as Facebook or ChatGPT.

In this particular case, the attack originated from a phishing email against a developer, which posed as a Google notification alerting the administrator that an extension was in breach of Chrome Web Store policies and at risk of being removed. The developer was encouraged to allow a ‘Privacy Policy Extension’, which then granted attackers permissions and allowed access.

After this, a new malicious version of the extension was uploaded, which bypassed Google’s security checks, and was spread to around 400,000 users thanks to automatic extension updates on Chrome.

It has now been discovered the attackers were aiming to collect Facebook data from victims through the extensions, and domains used in the attack were registered and tested back in March 2024, before a new set was created in November and December ahead of the incident.

“The employee followed the standard flow and inadvertently authorized this malicious third-party application,” Cyberhaven said in a statement.

“The employee had Google Advanced Protection enabled and had MFA covering his account. The employee did not receive an MFA prompt. The employee’s Google credentials were not compromised.”

You might also like

https://www.techradar.com/pro/security/google-chrome-extensions-hack-may-have-started-much-earlier-than-expected

Leave a Reply

Your email address will not be published. Required fields are marked *

Follow Us

Featured Posts

January 2025
M T W T F S S
 12345
6789101112
13141516171819
20212223242526
2728293031  

About Us

Welcome to encircle News! We are a cutting-edge technology news company that is dedicated to bringing you the latest and greatest in everything tech. From automobiles to drones, software to hardware, we’ve got you covered.

At encircle News, we believe that technology is more than just a tool, it’s a way of life. And we’re here to help you stay on top of all the latest trends and developments in this ever-evolving field. We know that technology is constantly changing, and that can be overwhelming, but we’re here to make it easy for you to keep up.

We’re a team of tech enthusiasts who are passionate about everything tech and love to share our knowledge with others. We believe that technology should be accessible to everyone, and we’re here to make sure it is. Our mission is to provide you with fun, engaging, and informative content that helps you to understand and embrace the latest technologies.

From the newest cars on the road to the latest drones taking to the skies, we’ve got you covered. We also dive deep into the world of software and hardware, bringing you the latest updates on everything from operating systems to processors.

So whether you’re a tech enthusiast, a business professional, or just someone who wants to stay up-to-date on the latest advancements in technology, encircle News is the place for you. Join us on this exciting journey and be a part of shaping the future.

Podcasts

TWiT 1012: Our Best Of 2024 – The Best Moments From TWiT's 2024 This Week in Tech (Audio)

TWiT wishes all listeners and viewers a Happy New Year and peaceful 2025! Padre's CES 2024 haul Cory Doctorow's infamous ensh*ttification term Tesla teases a robotaxi Last in-studio audience for TWiT Padre on the AI priest Google Search gets worse Christina Warren's Rabbit R1 Snowflake and the AT&T breach Crowdstrike's big outag Last in-studio episode before moving out Salt Hank shows off his new cookbook TWiT's 1000th episode brings back old friends The State of X/Twitter under Elon Parenting with TWiT daddies Tech billionaires affecting Trump's transition team Host: Leo Laporte Download or subscribe to This Week in Tech at https://twit.tv/shows/this-week-in-tech Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
  1. TWiT 1012: Our Best Of 2024 – The Best Moments From TWiT's 2024
  2. TWiT 1011: The Year in Review – A Look at the Top Stories of 2024
  3. TWiT 1010: The Densest State in the US – TikTok Ban, Drones Over Jersey, GM Quits Robotaxis
  4. TWiT 1009: Andy Giveth & Bill Taketh Away – Trump's Tech Titans, Crypto Boom, TikTok's US Ban, Intel CEO Exits
  5. TWiT 1008: Internet Legal – Australia's Social Media Ban for Kids, Smart Home Nightmare, Bluesky's Ascent