Gadget Insiders
  • Android
  • Apple
  • Gaming
  • iOS
  • PC
  • Phones
  • Playstation
  • Reviews
  • Samsung
  • Xbox
No Result
View All Result
  • Android
  • Apple
  • Gaming
  • iOS
  • PC
  • Phones
  • Playstation
  • Reviews
  • Samsung
  • Xbox
No Result
View All Result
Gadget Insiders
No Result
View All Result
Home Google

Over Half a Million Hit by Hacking – Unveiling the Recent Chrome Extension Scam Impacting Users Worldwide

Prashant Chaudhary by Prashant Chaudhary
January 2, 2025
in Google, News
Reading Time: 2 mins read
0
Over Half a Million Hit by Hacking: Unveiling the Recent Chrome Extension Scam Impacting Users Worldwide

In late December, a significant cyber threat was detected when Cyberhaven, a notable cybersecurity firm, fell victim to a phishing attack. The culprits targeted Chrome extension publishers via deceptive emails that feigned urgency, warning the recipients about potential removal from the Chrome Web Store due to policy violations. This cunning approach led to the unauthorized access of extension developers’ accounts, paving the way for the attackers to inject malicious code into these extensions.

Or Eshed, CEO of LayerX Security, highlighted the vulnerability, stating, “Browser extensions are the soft underbelly of web security.” He underscored the extensive permissions these extensions often require, accessing sensitive user data such as cookies and identity information.

Over Half a Million Hit by Hacking: Unveiling the Recent Chrome Extension Scam Impacting Users Worldwide
Alert: Over 600,000 Users Compromised in Latest Chrome Extension Hack

The Scope of the Breach

The hacked extensions included widely-used tools such as AI assistants, VPN services, and various utility extensions designed to enhance browser functionality. Some notable names affected were:

  • AI Assistant – ChatGPT and Gemini for Chrome
  • Bard AI Chat Extension
  • GPT 4 Summary with OpenAI
  • Search Copilot AI Assistant for Chrome
  • TinaMInd AI Assistant
  • Wayin AI
  • VPNCity
  • Internxt VPN

This breach not only compromised the privacy of over 600,000 users but also exposed them to potential data theft, including cookie and token theft that could bypass web security measures.

Investigative Findings and Ongoing Threats

John Tuckner, founder of Secure Annex, provided insights into the investigation, revealing that the malicious code used in the Cyberhaven incident was linked to other compromised extensions. He discovered connections to domains that were registered much earlier, suggesting that this campaign might have been active long before it was uncovered.

Over Half a Million Hit by Hacking: Unveiling the Recent Chrome Extension Scam Impacting Users Worldwide
Breaking Down the Chrome Extensions Breach: How Safe is Your Data

The compromised extensions communicated with a command-and-control server, which facilitated further malicious activities such as downloading harmful configuration files and exfiltrating user data. Despite the removal of these malicious extensions from the Chrome Web Store, the danger persists. “As long as the compromised version of the extension is still live on the endpoint, hackers can still access it and exfiltrate data,” warned Or Eshed.

The Industry’s Response and Preventative Measures

The cybersecurity community has rallied to address this severe breach by enhancing the security measures surrounding browser extensions. Security experts emphasize the necessity for users and organizations to be vigilant about the extensions they install and to conduct regular audits of their digital tools.

Jamie Blasco, CTO of Nudge Security, pointed out that additional domains were discovered, all linked to the same IP address used by the attackers, indicating an extensive infrastructure set up for long-term data exploitation.

Over Half a Million Hit by Hacking: Unveiling the Recent Chrome Extension Scam Impacting Users Worldwide
Inside the Phishing Scam that Hacked 16 Popular Chrome Extensions

This incident serves as a stark reminder of the vulnerabilities inherent in the digital tools we often take for granted. It underscores the need for continuous vigilance and enhanced security protocols to protect user data from such sophisticated cyber threats. As we await further updates from ongoing investigations, the cybersecurity community remains on high alert, working to safeguard the integrity of our digital experience against an ever-evolving threat landscape.

Tags: browser hacksChrome extensionscredential theftCybersecurityData Breachphishing attacksweb security

TRENDING

Google’s Gemini AI to Transform Your Car with Android Auto

Google’s Gemini AI to Transform Your Car with Android Auto

May 15, 2025
Google Set to Launch Pinterest-Like Feature at I/O 2025 to Change How We Search

Google Set to Launch Pinterest-Like Feature at I/O 2025 to Change How We Search

May 15, 2025
Samsung's New Galaxy S25 Edge Is the Slimmest Smartphone Yet – A Bold Move to Beat Apple

Samsung’s New Galaxy S25 Edge Is the Slimmest Smartphone Yet – A Bold Move to Beat Apple

May 15, 2025
60+ Gaming Consoles and Platforms Compared

60+ Gaming Consoles and Platforms Compared

May 15, 2025
75+ Smart Home Gadgets That Work with Google Home

75+ Smart Home Gadgets That Work with Google Home

May 15, 2025
iOS 19 Aims to Fix Bugs and Introduce a Fresh Look – What We Can Expect

iOS 19 Aims to Fix Bugs and Introduce a Fresh Look – What We Can Expect

May 15, 2025
Nintendo’s New EULA Update Makes It Harder for Users to Sue Over Issues Like Joy-Con Drift

Nintendo’s New EULA Update Makes It Harder for Users to Sue Over Issues Like Joy-Con Drift

May 11, 2025
LegoGPT Lets You Create Real Lego Designs from Text – Here’s How It Works

LegoGPT Lets You Create Real Lego Designs from Text – Here’s How It Works

May 11, 2025
  • Contact Us
  • Terms
  • Privacy
  • Copyright
  • About Us
  • Fact Checking Policy
  • Corrections Policy
  • Ethics Policy

Copyright © 2023 GadgetInsiders.com

No Result
View All Result
  • Android
  • Apple
  • Gaming
  • iOS
  • PC
  • Phones
  • Playstation
  • Reviews
  • Samsung
  • Xbox

Copyright © 2023 GadgetInsiders.com.