softare development

Hackers Inject Malicious Code into Chrome Extensions in Bold New Attack

This month, hackers successfully modified several Chrome extensions with malicious code after infiltrating admin accounts through a phishing campaign. According to a blog post by cybersecurity company Cyberhaven, their Chrome extension was compromised on December 24 in an attack aimed at logins for specific social media advertising and AI platforms. Reuters reported that other extensions, including ParrotTalks, Uvoice, and VPNCity, were also targeted in similar attacks starting in mid-December, according to Jaime Blasco of Nudge Security.

Cyberhaven alerted its customers on December 26 via email, recommending immediate revocation and rotation of passwords and other credentials. The company’s investigation revealed that the compromised extension targeted Facebook Ads users, aiming to steal sensitive data like access tokens, user IDs, cookies, and other account information. The malicious code also added a mouse click listener, enabling attackers to handle two-factor authentication (2FA) challenges. “After sending the data to the [Command & Control] server, the Facebook user ID is stored in browser storage and used during mouse click events to assist attackers with 2FA if required,” Cyberhaven explained in its analysis.

The breach was detected by Cyberhaven on December 25, and the company swiftly removed the malicious extension version within an hour. A clean, secure version of the extension has since been deployed.

Start Learning cybersecurity

Recent Posts

Trump Extends U.S. TikTok Sale Deadline to September 2025

In a surprising turn of events, former President Donald Trump announced on June 19, 2025,…

1 week ago

Master React Native Flexbox

Flexbox is a powerful layout system in React Native that allows developers to create responsive…

2 weeks ago

Getting Started With TensorFlow

"The journey of a thousand miles begins with a single step." — Lao Tzu Welcome…

2 weeks ago

Your Mind is a Supercomputer

We often describe ourselves as "processing" information, "rebooting" after a bad day, or feeling "overloaded"…

3 weeks ago

What is a QR Code And How to Create One

QR codes have evolved from a niche tracking technology to an indispensable digital connector, seamlessly…

4 weeks ago

Will AI Replace Software Developers?

Artificial Intelligence (AI) has made remarkable progress in recent years, transforming industries such as healthcare,…

1 month ago