Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Hackers say they were able to replace several Chrome extensions with malicious code this month after gaining access to admin accounts through a phishing campaign. Cybersecurity company Cyberhaven shared a this weekend that its Chrome extension was compromised on December 24 in an attack that appeared to be “targeting TV advertising and AI platforms.” A few more additions were also struck, back in mid-December, report. According to Nudge Security’s which includes ParrotTalks, Uvoice and VPNCity.
Cyberhaven informed its customers on December 26 in an email seen by which instructed them to remove and convert passwords and other information. The company’s initial investigation into the incident found that the malicious extension targeted Facebook Ads users, with the aim of stealing information such as tokens, IDs and other account information, along with cookies. The code also added a mouse click listener. “After successfully sending all the data to the (Command & Control) server, the Facebook user ID is stored in the browser’s storage,” Cyberhaven said in an investigation. “The user’s identity is used in mouse settings to support 2FA users on their side if needed.”
Cyberhaven said they first discovered the breach on December 25 and were able to remove the malicious version within an hour. It has been pushing the white out.
