In mid-December a cyberattack campaign inserted malicious code into several Chrome browser extensions, reuters reported yesterdayThe code appears to have been designed to steal browser cookies and authentication sessions, targeting “specific social media advertising and AI platforms.” According to a blog post From Cyberhaven, one of the companies that was targeted.
Cyberhaven wrote in an article that the attack was attributed to phishing emails. separate technical analysis post The code appears to specifically target Facebook advertising accounts. according to Reuters, SSecurity researcher Jaime Blasco believes the attack was “just random” and not specifically targeting CyberHaven. He Posted on x It found VPNs and AI extensions that contained the same malicious code that was injected into Cyberhaven.
CyberHaven says hackers pushed out an update (version 24.10.4) of its CyberHaven Data Loss Prevention extension at 8:32 pm ET on Christmas Eve, which contained malicious code. CyberHaven says it discovered the code at 6:54 pm ET on December 25 and removed it within an hour, but the code was still active until 9:50 pm ET on December 25. The company says it has released a clean version in its 24.10.5 update.
CyberHaven's recommendations for companies affected include checking their logs for suspicious activity and revoking or rotating any passwords that do not use the FIDO2 multifactor authentication standard. Before publishing its post, the company notified customers via an email. techcrunch informed Friday morning.