While cases of Digital Arrest Scams are on the rise in India, another trend has begun globally. Apparently, cybercriminals are now targeting Chrome extension developers to gain access to a large number of users’ information. Most recently, a renowned company’s extension was compromised, and it wasn’t the only extension that bad actors targeted.
Also Read: Fraudsters Impersonating Investment Firm Duped Kerala Man of Rs. 4.05 Crore
What Happened With Cyberhaven’s Chrome Extension?
According to a report by Reuters, cybercriminals have started to target Chrome browser extensions to steal people’s information. According to Cyberhaven’s CEO (a data protection solutions company), a malicious cyberattack took place on the company’s Chrome extension on Christmas Eve.
Giving more details on what happened, the company states how a phishing attack compromised an employee’s credentials to access the Chrome Web Store. Then, the bad actors used the credentials to float a malicious version of Cyberhaven’s Chrome extension. The affected version of the extension is 24.10.4.
With this, the Chrome-based browsers that auto-download the update were affected. As mentioned in the blog, “the malicious code could have exfiltrated cookies and authenticated sessions for certain targeted websites.” More importantly, the attackers tried logging in to specific social media advertising platforms.
The company has taken all the countermeasures, including notifying all the affected users and removing the malicious version of the extension. Moreover, this was part of a larger campaign that targeted Chrome extension developers.
Also Read: E-Challan Scams: What You Need to Know to Stay Safe
Some Other Popular Chrome Extensions Are Also Under Attack
The co-founder of Nudge Security, Jaime Blasco, also told Reuters about spotting a couple of other Chrome Web Store extensions with malicious code. These include Internxt VPN, VPNCity, Uvoice, and ParrotTalks. Collectively, these extensions have about 140,000 users, which is a considerable number.
According to a more recent report by The Hacker News, a total of 16 hacked Chrome extensions have exposed over 600,000 users’ data to theft. As mentioned in the report, the bad actors used a phishing email, which claimed to be from the Google Chrome Web Store Developer’s support team.
The email mentioned how the extension would be removed from the Web Store if the developers didn’t act immediately. Further, the email requested the recipients to click on a link that asked for permission to make changes to the extension.
Also Read: Bollywood Actor Aftab Shivdasani Loses ₹1.5 Lakh in KYC Scam: 8 Tips to Stay Safe
Why Are Hackers Targeting Chrome Extensions Anyway?
Moreover, these are just a few extensions that experienced the same issue all at the same time. For those catching up, Chrome extensions often have access to sensitive information, such as browsing history, cookies, credentials, personal data like name, email address, and, in some cases, financial data.
Amid such a scenario, avid users of Google Chrome extensions should check whether the ones they use have reported any hacking incidents. If they have, users should remove the extensions, change the credentials that the extension had access to, and wait for the developers to release a safe version.
You can follow Smartprix on Twitter, Facebook, Instagram, and Google News. Visit smartprix.com for the most recent news, reviews, and tech guides.
