Hackers Hijacked Chrome Extensions to Inject Malicious Code



Introduction

In recent cybersecurity news, hackers have infiltrated Chrome extensions, compromising over 600,000 users. A sophisticated attack targeted at least 16 popular extensions has raised alarms regarding the vulnerability of browser extensions, which are often trusted yet can be exploited for data theft. The attack was discovered in late December 2024 and is linked to a broader phishing campaign that gave cybercriminals access to developers' accounts on the Chrome Web Store. These breaches highlight the growing threat to users' sensitive data and privacy through seemingly harmless browser add-ons.

Understanding the Attack on Chrome Extensions

Cybercriminals employed a well-crafted phishing campaign to compromise several well-known Chrome extensions, which are small programs that enhance the functionality of the browser. The attackers targeted developers of these extensions, using phishing emails to trick them into giving up their credentials. With this access, they were able to inject malicious code into legitimate extensions, which were then made available on the Chrome Web Store.

The Scope of the Breach

The cyberattack affected over 600,000 users worldwide, with the compromised extensions stealing sensitive data such as cookies and access tokens. The attack primarily targeted business accounts, particularly those linked to social media advertising platforms and AI tools. The first known victim was Cyberhaven, a data protection firm based in California. On Christmas Eve 2024, one of their employees was tricked into clicking a malicious link that granted hackers access to their developer account.

How the Hackers Gained Access

The attack began with a phishing email that appeared to come from the Chrome Web Store Developer Support team. The email claimed that an extension was at risk of being removed due to a policy violation, urging the recipient to click a link to resolve the issue. This link redirected the developer to a fake page that prompted them to authorize a malicious OAuth application named “Privacy Policy Extension.” Once the permissions were granted, the attackers gained control and uploaded a version of the Cyberhaven extension with malicious code.

Malicious Code and Its Impact

Once published, the compromised extensions communicated with a remote server controlled by the hackers. This server was responsible for receiving and transmitting stolen data, such as cookies and user session tokens. The malicious code was designed to exfiltrate sensitive information and send it back to the cybercriminals, giving them access to Facebook business accounts, AI platforms, and other valuable targets.

The Extent of Affected Extensions

While Cyberhaven was the first to discover the breach, further investigation revealed that other popular Chrome extensions had also been compromised. These included AI-related extensions like “AI Assistant – ChatGPT and Gemini for Chrome” and “Bard AI Chat Extension,” VPN tools such as “VPNCity” and “Internxt VPN,” and productivity extensions like “VidHelper Video Downloader” and “Reader Mode.” These extensions spanned multiple categories, showing that the attack was both opportunistic and widespread.

Timeline of the Attack

The malicious code was active for approximately 25 hours, from December 24 to December 26, 2024. During this period, any Chrome installations that automatically updated their extensions were vulnerable to the attack. Cyberhaven detected the breach on Christmas Day and quickly removed the malicious extension

the permissions granted to extensions are often broad, allowing them to operate without strict oversight. This makes them a prime target for hackers who exploit these permissions to infiltrate systems and steal sensitive data.

The Role of Google in Addressing the Issue

Once Cyberhaven detected the malicious extension and removed it, Google took swift action. However, security experts emphasize that the presence of the compromised extension on user devices for 24 hours poses a significant risk. Even after the extension was removed from the Chrome Web Store, users who had already updated their browsers with the compromised extension remained vulnerable to continued data exfiltration. This highlights the challenges of securing browser extensions once they have been published and downloaded by users.

Why Was Cyberhaven Targeted?

Cyberhaven’s extension was likely targeted due to the nature of the company’s business. As a data protection company, it provides services to businesses that store and process sensitive information. This made it an appealing target for cybercriminals seeking access to corporate accounts, especially in the advertising and AI industries. The attackers were able to steal user credentials, which could then be used for malicious activities, such as unauthorized access to social media accounts or data manipulation.

The Broader Campaign: Multiple Extensions Affected

As cybersecurity experts continued their investigations, more extensions were discovered to be part of the same attack campaign. The malware was injected into a wide range of extensions across different categories. These included productivity tools, video downloaders, AI assistants, and even extensions offering cashback deals. The broad selection of affected extensions indicates that the attackers were casting a wide net, hoping to maximize the number of compromised users.

How Users Can Protect Themselves

In the wake of the breach, users are advised to take immediate steps to protect their data. This includes updating Chrome extensions to the latest versions, reviewing installed extensions to ensure they are from reputable sources, and being cautious about granting permissions to new or unfamiliar extensions. Users should also rotate passwords, particularly for accounts linked to social media or business platforms, and monitor their activity for any signs of suspicious behavior.

The Importance of Regular Updates and Vetting Extensions

This breach underscores the importance of regularly updating browser extensions and vetting their sources. While the Chrome Web Store conducts security reviews for new extensions, these measures are not foolproof. Developers must implement strong security practices, including periodic code audits, and ensure that they are using multi-factor authentication and other protective measures to safeguard their developer accounts.

Lessons for Extension Developers and Users

For extension developers, this attack serves as a wake-up call to prioritize security in their code and in the permissions they request. They must be vigilant against phishing attempts and implement safeguards to prevent unauthorized access to their accounts. For users, the attack highlights the need for greater caution when installing or updating extensions. It's crucial to scrutinize the permissions requested by extensions and avoid installing those that ask for unnecessary access to sensitive data.

Conclusion: A Wake-Up Call for Browser Security

This attack serves as a critical reminder of the vulnerabilities associated with browser extensions. While these tools enhance our browsing experience, they also present significant security risks if not properly managed. Both users and developers must adopt a more proactive approach to extension security, ensuring that they are continually updated, carefully monitored, and sourced from reputable developers. The Cyberhaven breach, and the subsequent exposure of other extensions, should serve as a catalyst for broader industry discussions on how to better secure browser extensions against evolving cyber threats.

FAQs

1. How do hackers compromise Chrome extensions?
Hackers often use phishing campaigns to gain access to developers' accounts on the Chrome Web Store. Once inside, they can inject malicious code into legitimate extensions, which is then distributed to users.

2. How can I tell if my Chrome extension has been compromised?
Check for unusual behavior in your browser, such as slow performance, unexpected pop-ups, or unauthorized actions in your online accounts. Ensure that all extensions are updated to the latest version, and uninstall any suspicious ones.

3. What should I do if my account has been compromised through a malicious extension?
Immediately update your passwords, enable multi-factor authentication, and review your account activity for any signs of suspicious behavior. It's also important to remove the compromised extension and report it to the appropriate authorities.

4. Are all Chrome extensions vulnerable to this kind of attack?
While most extensions are safe, any extension that requires extensive permissions, such as access to cookies or identity information, can be vulnerable if compromised. Always install extensions from trusted sources and carefully review the permissions they request.

5. Can Google prevent these types of attacks?
Google has taken steps to secure the Chrome Web Store by conducting security reviews for extensions. However, this attack shows that more comprehensive measures are needed, such as better monitoring for suspicious developer activity and improved extension vetting.

Source: Google News

Read more blogs: Alitech Blog

www.hostingbyalitech.com

www.patriotsengineering.com

www.engineer.org.pk

Tags : Chrome extension security, malicious code in Chrome extensions, phishing attack Chrome extensions, data theft from Chrome extensions, compromised browser extensions, Cyberhaven security breach, protecting browser extensions, Chrome Web Store phishing attack, security risks browser extensions, hackers hijack Chrome extensions, Chrome extension data exposure, securing Chrome extensions, preventing extension vulnerabilities, malicious extensions data theft, cybersecurity browser extensions

Posted in News on Dec 30, 2024



[Tips] Change Python Django Superuser password

Posted in Technical Solutions on May 06, 2022

[Tips] Change Python Django Superuser password



Mastering WooCommerce SEO: A Complete Guide to Optimize Your Online Store

Posted on Dec 05, 2024

Discover the ultimate guide to WooCommerce SEO and learn how to optimize your online store for better visibility, increased traffic, and higher sales with proven strategies and tools



How to Install Remote Desktop on Ubuntu 18.04.6 / Ubuntu 20.04.4 / Raspberry Pi / AMD64 / ARM64

Posted in Technical Solutions on Jun 29, 2022

How to Install Remote Desktop on Ubuntu 18.04.6 / Ubuntu 20.04.4 / Raspberry Pi / AMD64 / ARM64



US Election Results 2024: LIVE Updates on Trump's Lead in Key States

Posted in News on Nov 06, 2024

The 2024 US presidential election is becoming one of the most closely watched races in history. With former President Donald Trump facing Vice President Kamala Harris, early results indicate a tight race, especially in key battleground states. As the night unfolds, Trump leads in traditionally Republican states, but the outcome remains uncertain, with Nevada, North Carolina, and Georgia all still too close to call. Voters are anxiously awaiting final results, and Pennsylvania's outcome could very well determine the next president. Stay tuned for live updates on the election results and key developments.



Microsoft Disappoints With Slower Cloud Revenue Forecast

Posted in News on Oct 31, 2024

Microsoft, a giant in the tech industry, recently posted quarterly earnings that exceeded market expectations, but its cloud revenue growth left investors less than impressed. The announcement highlighted a forecast for slower growth in Azure, Microsoft’s cloud computing platform, sparking concerns about the company’s ability to keep up with surging demand for AI services. This shift has implications not just for Microsoft’s revenue trajectory but also for its position in the competitive tech landscape. Here’s a closer look at what’s behind this surprising turn of events



Google Now Offers Gemini App on iPhone

Posted in News on Nov 15, 2024

Google has launched a dedicated Gemini AI app for iPhone users, available for free in select countries. With features like Gemini Live, iPhone users can now interact with the AI assistant directly from the Lock Screen and Dynamic Island, allowing for easy access to conversational AI. While basic features are free, a Gemini Advanced subscription unlocks premium capabilities. The app is compatible with iPhones running iOS 16 and later, supports multiple languages, and offers a unique alternative to other AI voice assistants on iOS.



4 tips to enable Nested Virtualization like a PRO

Posted in Technical Solutions on Oct 17, 2021

Nested virtualization is used to enable, use or create virtual machines within virtual machines, consider Virtualbox is running CentOS virtual machine



California Governor Vetoes Major AI Safety Bill: What It Means for AI Regulation

Posted in News on Sep 30, 2024

California Governor Gavin Newsom has vetoed SB 1047, a major AI safety bill aimed at regulating advanced AI systems. The bill would have mandated safety measures like testing and a “kill switch” for high-risk AI models. Newsom argued that the legislation could hinder innovation and impose excessive regulations on AI companies. Tech giants such as Google and OpenAI supported the veto, fearing it would slow AI development. The decision has reignited the debate on finding the right balance between innovation and public safety in the rapidly evolving field of artificial intelligence.



Mastering Homework: A Guide to Effective Scheduling

Posted in Uncategorized on Jun 07, 2024

Learn how to schedule homework activities effectively to reduce stress, improve time management, and enhance academic performance



[SOLVED / FIXED ] ModuleNotFoundError: No module named 'setuptools_rust'

Posted in Technical Solutions on Apr 09, 2022

[SOLVED / FIXED ] ModuleNotFoundError: No module named 'setuptools_rust' Error: While installing docker-compose the following error can come up: ModuleNotFoundError: No module named 'setuptools_rust'



[SOLVED / FIXED] Django error 400 bad request

Posted in Technical Solutions on Jul 04, 2021

[SOLEVED] Django error 400 bad request



CES 2025: Samsung’s AI Robot Ballie Ready to Roll in 2025

Posted in News on Jan 07, 2025

Samsung’s AI-powered robot Ballie, a bright yellow rolling companion, is set to transform smart home technology in 2025. First introduced as a concept in 2020, Ballie combines cutting-edge AI personalization, advanced sensors, and seamless integration with smart home systems. Equipped with a built-in projector and Vision AI, it tailors its functions to suit individual lifestyles. From entertaining with movies and games to controlling devices through voice commands, Ballie acts as a versatile and interactive home assistant. Its official release marks a significant milestone in AI-driven living, offering a glimpse into the future of smarter, more connected homes.



Metro-Goldwyn-Mayer (MGM) Inks Cloud Computing Deal With Amazon in Search for "New Revenue Opportunities"

Posted in News on Feb 09, 2021

MGM (a private company) is set to move all of its content to Amazon’s cloud and use the tech giant’s software to modernize its media supply chain. Metro Goldwyn Mayer has signed a cloud computing agreement with Amazon Web Services to move its content and distribution efforts to the tech giant’s cloud. The James Bond studio is set to move all of its content to Amazon's cloud and use the tech giant's software to modernize its media supply chain.



Google Imagen 3 is Now Available for All Gemini Users

Posted in News on Oct 11, 2024

Google has once again pushed the boundaries of artificial intelligence with the release of Imagen 3, its most advanced image generation model to date. This powerful tool, now available to all users of Gemini, promises to revolutionize how we interact with AI-generated imagery by offering unmatched photorealism, vibrant colors, and enhanced control over prompts. But what exactly makes Imagen 3 stand out? Let's dive into all the exciting details of this cutting-edge technology



Everything You Need to Know About Meta Connect 2024

Posted in News on Sep 23, 2024

Meta Connect 2024, happening from September 25 to 26, promises to be a groundbreaking event in the world of augmented and virtual reality. Attendees can expect exciting announcements, including the anticipated Quest 3S headset, which aims to offer a more affordable VR experience, and the innovative Orion AR glasses designed for seamless augmented reality interactions. In addition to hardware, the conference will highlight advancements in artificial intelligence, potentially unveiling an upgraded version of the Llama language model to enhance user experiences across Meta’s platforms. With live-streamed keynotes and developer sessions, Meta Connect 2024 is set to shape the future of technology and the metaverse, making it a must-watch event for enthusiasts and developers alike.



Khan Academy Brings AI Tutor 'Khanmigo' to Pakistan: Revolutionizing Education

Posted in News on Dec 27, 2024

Khan Academy Pakistan (KAP) has launched an innovative AI-powered tutor, Khanmigo, to revolutionize education in Pakistan. This cutting-edge tool aims to enhance student learning and provide crucial support to teachers. With personalized assistance for students and resources like automated lesson planning for teachers, Khanmigo is set to address Pakistan’s educational challenges. The tool is available in multiple languages, ensuring accessibility across diverse regions. By offering world-class, localized education, Khan Academy Pakistan is helping bridge gaps in literacy, numeracy, and access to quality education for millions of students across the country.



This is really awesome!!! We are now ranking 🚀5th 👊😍

Posted in About Hosting by AliTech, Hosting Promotions on Jun 07, 2021

This is really awesome!!! We are now ranking 5th on TheWebHostingDir.com. To celebrate this we are giving away 5 Free Shared Hosting Accounts on first come first serve basis.



The Pros and Cons of Using a Free Web Hosting Service

Posted in Uncategorized on Jul 26, 2024

Choosing the right web hosting service is crucial for your online presence. Free web hosting might seem appealing, especially for startups and personal projects, but it's important to weigh its benefits and drawbacks. While cost-effective and user-friendly, free web hosting often comes with limitations in resources, performance, and security. Understanding these pros and cons can help you decide if free web hosting is the right choice for your website.




Other Blogs


[Tips] Change Python Django Superuser password

Posted in Technical Solutions on May 06, 2022 and updated on May 07, 2022

Mastering WooCommerce SEO: A Complete Guide to Optimize Your Online Store

Posted on Dec 05, 2024 and updated on Dec 05, 2024

US Election Results 2024: LIVE Updates on Trump's Lead in Key States

Posted in News on Nov 06, 2024 and updated on Nov 06, 2024

Microsoft Disappoints With Slower Cloud Revenue Forecast

Posted in News on Oct 31, 2024 and updated on Oct 31, 2024

Google Now Offers Gemini App on iPhone

Posted in News on Nov 15, 2024 and updated on Nov 15, 2024

4 tips to enable Nested Virtualization like a PRO

Posted in Technical Solutions on Oct 17, 2021 and updated on Oct 17, 2021

California Governor Vetoes Major AI Safety Bill: What It Means for AI Regulation

Posted in News on Sep 30, 2024 and updated on Sep 30, 2024

Mastering Homework: A Guide to Effective Scheduling

Posted in Uncategorized on Jun 07, 2024 and updated on Jun 07, 2024

[SOLVED / FIXED] Django error 400 bad request

Posted in Technical Solutions on Jul 04, 2021 and updated on Jul 28, 2021

CES 2025: Samsung’s AI Robot Ballie Ready to Roll in 2025

Posted in News on Jan 07, 2025 and updated on Jan 07, 2025

Google Imagen 3 is Now Available for All Gemini Users

Posted in News on Oct 11, 2024 and updated on Oct 11, 2024

Everything You Need to Know About Meta Connect 2024

Posted in News on Sep 23, 2024 and updated on Sep 23, 2024

Khan Academy Brings AI Tutor 'Khanmigo' to Pakistan: Revolutionizing Education

Posted in News on Dec 27, 2024 and updated on Dec 27, 2024

The Pros and Cons of Using a Free Web Hosting Service

Posted in Uncategorized on Jul 26, 2024 and updated on Jul 26, 2024

Google Now Offers Gemini App on iPhone

Posted in News on Nov 15, 2024

Google Now Offers Gemini App on iPhone

Posted in News on Nov 15, 2024







Comments

Please sign in to comment!






Subscribe To Our Newsletter

Stay in touch with us to get latest news and discount coupons