Gadget Insiders

Over Half a Million Hit by Hacking – Unveiling the Recent Chrome Extension Scam Impacting Users Worldwide

by Prashant Chaudhary
January 2, 2025
in Google, News

In late December, a significant cyber threat was detected when Cyberhaven, a notable cybersecurity firm, fell victim to a phishing attack. The culprits targeted Chrome extension publishers via deceptive emails that feigned urgency, warning the recipients about potential removal from the Chrome Web Store due to policy violations. This cunning approach led to the unauthorized access of extension developers’ accounts, paving the way for the attackers to inject malicious code into these extensions.

Or Eshed, CEO of LayerX Security, highlighted the vulnerability, stating, “Browser extensions are the soft underbelly of web security.” He underscored the extensive permissions these extensions often require, accessing sensitive user data such as cookies and identity information.

Alert: Over 600,000 Users Compromised in Latest Chrome Extension Hack

The Scope of the Breach

The hacked extensions included widely-used tools such as AI assistants, VPN services, and various utility extensions designed to enhance browser functionality. Some notable names affected were:

  • AI Assistant – ChatGPT and Gemini for Chrome
  • Bard AI Chat Extension
  • GPT 4 Summary with OpenAI
  • Search Copilot AI Assistant for Chrome
  • TinaMind AI Assistant
  • Wayin AI
  • VPNCity
  • Internxt VPN

This breach not only compromised the privacy of over 600,000 users but also exposed them to potential data theft, including cookie and token theft that could bypass web security measures.

Investigative Findings and Ongoing Threats

John Tuckner, founder of Secure Annex, provided insights into the investigation, revealing that the malicious code used in the Cyberhaven incident was linked to other compromised extensions. He discovered connections to domains that were registered much earlier, suggesting that this campaign might have been active long before it was uncovered.

Breaking Down the Chrome Extensions Breach: How Safe is Your Data

The compromised extensions communicated with a command-and-control server, which facilitated further malicious activities such as downloading harmful configuration files and exfiltrating user data. Despite the removal of these malicious extensions from the Chrome Web Store, the danger persists. “As long as the compromised version of the extension is still live on the endpoint, hackers can still access it and exfiltrate data,” warned Or Eshed.

The Industry’s Response and Preventative Measures

The cybersecurity community has rallied to address this severe breach by enhancing the security measures surrounding browser extensions. Security experts emphasize the necessity for users and organizations to be vigilant about the extensions they install and to conduct regular audits of their digital tools.
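One way to run such an audit on an endpoint, given that a compromised version stays dangerous for as long as it remains installed. This is an added example, not code from the article or from any of the firms quoted. It assumes Chrome's on-disk layout of `<profile>/Extensions/<id>/<version>/manifest.json`, and because the article lists extension names but no IDs or versions, it matches on display name only, so a hit is a reason to inspect the extension, not proof of compromise.

```python
import json
from pathlib import Path

# Names as listed in the article. The page gives no extension IDs or versions,
# so this example matches on display name only (an assumption).
WATCHLIST = {n.casefold() for n in (
    "AI Assistant – ChatGPT and Gemini for Chrome", "Bard AI Chat Extension",
    "GPT 4 Summary with OpenAI", "Search Copilot AI Assistant for Chrome",
    "TinaMind AI Assistant", "Wayin AI", "VPNCity", "Internxt VPN")}
SENSITIVE = {"cookies", "identity", "<all_urls>"}  # cookie/identity access, every site

def load_json(path):
    try:
        return json.loads(path.read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):
        return None  # unreadable or malformed: callers skip it

def display_name(vdir, manifest):
    """Resolve the manifest name, following a __MSG_key__ placeholder into _locales."""
    name = str(manifest.get("name", ""))
    if name.startswith("__MSG_") and name.endswith("__"):
        locale = str(manifest.get("default_locale", "en"))
        table = load_json(vdir / "_locales" / locale / "messages.json")
        for key, entry in (table.items() if isinstance(table, dict) else ()):
            if key.casefold() == name[6:-2].casefold() and isinstance(entry, dict):
                return str(entry.get("message", name))
    return name

def audit_extensions(extensions_dir):
    """One finding per <id>/<version>/manifest.json under a profile's Extensions directory."""
    findings = []
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        manifest = load_json(path)
        if not isinstance(manifest, dict):
            continue
        perms = {p for k in ("permissions", "host_permissions")
                 if isinstance(manifest.get(k), list)
                 for p in manifest[k] if isinstance(p, str)}
        name = display_name(path.parent, manifest)
        findings.append({"id": path.parent.parent.name, "version": path.parent.name,
                         "name": name, "on_watchlist": name.casefold() in WATCHLIST,
                         "sensitive": sorted(SENSITIVE & perms)})
    return findings

if __name__ == "__main__":
    import sys
    for finding in audit_extensions(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(finding)
```

Pass the path of a profile's Extensions directory as the only argument; extensions that hide their name behind a `__MSG_` placeholder are resolved through their default locale before matching.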

Jaime Blasco, CTO of Nudge Security, pointed out that additional domains were discovered, all linked to the same IP address used by the attackers, indicating an extensive infrastructure set up for long-term data exploitation.

Inside the Phishing Scam that Hacked 16 Popular Chrome Extensions

This incident serves as a stark reminder of the vulnerabilities inherent in the digital tools we often take for granted. It underscores the need for continuous vigilance and enhanced security protocols to protect user data from such sophisticated cyber threats. As we await further updates from ongoing investigations, the cybersecurity community remains on high alert, working to safeguard the integrity of our digital experience against an ever-evolving threat landscape.

Tags: browser hacks, Chrome extensions, credential theft, Cybersecurity, Data Breach, phishing attacks, web security

Copyright © 2023 GadgetInsiders.com
