The cybersecurity world is once again in a frenzy after the discovery of a sophisticated cyberattack that targeted several popular Chrome browser extensions. The incident, which emerged in the last weeks of December 2024, highlighted a new vulnerability in the extension protection system of the most used browser in the world.
Cybersecurity firm Cyberhaven was among the first to spot and report the attack, which involved its Chrome extension on December 24. The company immediately launched a thorough investigation, revealing that hackers had managed to infiltrate administrative accounts through a well-orchestrated phishing campaign.
According to preliminary analysis, the attackers’ primary goal was to intercept access to specific social media advertising and artificial intelligence platforms. The malicious code embedded in the extensions was specifically designed to target Facebook Ads users, with the intent of stealing access tokens, user IDs, and other sensitive account information.
The attack was not limited to Cyberhaven. As reported by Reuters, other popular extensions have been compromised since mid-December, including ParrotTalks, Uvoice, and VPNCity. The situation has raised particular concern among the developer and security community.
A particularly insidious element of the malicious code was its ability to monitor users’ mouse clicks. According to Cyberhaven’s analysis, after transmitting stolen data to the command-and-control server, the malware saved the Facebook user ID in the browser’s memory. This information was then used to track mouse click events, likely to help attackers bypass any two-factor authentication (2FA) systems.
Fortunately, Cyberhaven’s response to the incident was swift and effective. The company discovered the breach on December 25 and, within an hour, was able to remove the compromised version of the extension and replace it with a clean version. It also promptly notified its customers via an email on December 26, advising them to immediately revoke and change their passwords and other login credentials.
The ease with which cybercriminals have been able to compromise administrative accounts through phishing is yet another reminder of the growing need to implement more robust security measures and maintain a high level of vigilance.

https://youtu.be/-EGDJmJs7a8?si=Mt0-P3ifo74N5JYW