Hackers take over Google Chrome extensions in cyberattack

Some companies received something worse than a lump of coal from Santa this Christmas: Hackers attacking their Chrome extensions.

Hackers hijacked a number of Chrome extensions this past week, according to a new report from Reuters. The attack was first noticed by cyber security company Cyberhaven, which was one of the companies affected by the hack.

In a blog post from Cyberhaven, the company says the cyberattack inserted malicious code into these Chrome extensions in an attempt to steal user data such as web browser cookies and authentication. The hackers appear to have specifically been looking to obtain access to social media advertising accounts, specifically Facebook Ads accounts, and AI platform credentials.

This Tweet is currently unavailable. It might be loading or has been removed.

According to Cyberhaven, the hackers pushed an updated version of its Chrome extension with the malicious code to users on Christmas Eve. The company became aware of the hack on Christmas Day and immediately pushed out a fix within an hour. The company began informing users of the hack on Friday morning with an email notification.

Other Chrome extensions confirmed to have been injected with the malicious code include Internxt VPN, ParrotTalks, Uvoice, and VPNCity. Each of these Chrome extensions has tens of thousands of users, according to the public stats on the Chrome Web Store.

The attack began after a hacker successfully targeted a Cyberhaven employee via a phishing email that was sent to Chrome extension developers. The employee, believing the email was an official Google contact, clicked the email and input their login credentials on the phishing page.

Cyberhaven doesn't believe the attackers were targeting any specific companies, but rather sending out a mass phishing campaign and then going forward with any recipient that clicked through.

At this time, it's unclear as to how many users of these Chrome extensions have been affected.