January 14, 2025
A sophisticated attack campaign has compromised at least 35 popular Chrome browser extensions, exposing more than 2.6 million users to data theft and credential misuse risks. Cybersecurity experts have revealed malicious actors infiltrated legitimate extensions to execute their plans, marking a concerning escalation in browser extension security threats.
Let’s find out more about it. Keep reading!
Table of Contents
Phishing Campaign Targets Extension Developers
Extensions Turn into Data Theft Tools
A Campaign Months in the Making
What’s Next?
How AVP Suite Enhances Browsing Security and Data Protection
Key Takeaway!
Phishing Campaign Targets Extension Developers
The attack began with a phishing campaign targeting Chrome Web Store extension publishers. Cybercriminals sent emails mimicking Google Chrome Web Store Developer Support, warning recipients about potential policy violations and urging them to click a link to accept the updated terms. Instead, victims were redirected to grant permissions to a malicious OAuth application named “Privacy Policy Extension.”
Once access was secured, attackers uploaded compromised versions of legitimate extensions to the Chrome Web Store. Cyberhaven, a cybersecurity firm, was among the first to detect the breach after one of its employees fell victim to the phishing attack on December 24. The attackers subsequently modified Cyberhaven’s browser extension to communicate with an external command-and-control (C&C) server at cyberhavenext[.]pro, exfiltrating user data and downloading additional malicious files.
Extensions Turn into Data Theft Tools
The compromised extensions, including popular tools like AI Assistant – ChatGPT and Gemini for Chrome, VPNCity, and ChatGPT for Google Meet, were manipulated to harvest sensitive information. Cybercriminals gained access to cookies, access tokens, and even identity data. According to Or Eshed, CEO of LayerX Security, “Browser extensions are the soft underbelly of web security. While they seem harmless, they often have extensive permissions to sensitive user information.”
Jamie Blasco, CTO of Nudge Security, identified further compromised domains linked to the same C&C server, suggesting that Cyberhaven’s breach was part of a larger campaign. Analysis also uncovered evidence of malicious code in other extensions like Reader Mode and Rewards Search Automator, which exfiltrated data under the guise of “safe-browsing” or “ecommerce” functionalities.
One key tactic was targeting Facebook users. Malicious code in the Cyberhaven extension specifically sought to identify and exfiltrate QR codes on the Facebook website, likely to bypass security measures like two-factor authentication.
A Campaign Months in the Making
John Tuckner, founder of Secure Annex, traced the campaign back to domains registered as early as 2021. He discovered that some compromised extensions contained multiple layers of malicious code and linked these findings to other extensions in the attack chain.
Interestingly, not all data gathering was due to external compromises. Security researcher Wladimir Palant revealed that some developers included monetization software development kits (SDKs) in their extensions, which stealthily exfiltrated detailed browsing data. For instance, before selling the Visual Effects for Google Meet extension, its developer integrated an ad-blocking library linked to Urban VPN for monetization.
What’s Next?
The malicious extensions have been removed or updated in the Chrome Web Store, but the threat remains. “The fact the extension was removed doesn’t mean the exposure is over,” warned Eshed. “As long as the compromised version is still live on users’ devices, hackers can continue exploiting it.”
The identities of the attackers and their motivations remain unclear. Google has been contacted for further comment, but as of now, no definitive connection between the breaches has been established.
This incident underscores the importance of scrutinizing browser extensions and limiting their permissions. As browser security experts warn, even trusted tools can become vehicles for malicious activity.
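As an added, defender-side example (not code from the article, from Cyberhaven, or from AVP Suite), the following Python script inspects unpacked Chrome extensions on disk for the two things this incident turns on: references to the C&C domain named above and permissions broad enough to reach cookies and tokens. The high-risk permission list, the two sample extensions it builds, and the Linux profile path are assumptions for illustration.

```python
import json
import re
import tempfile
from pathlib import Path

# Indicator from the campaign described above (the article defangs it as cyberhavenext[.]pro).
KNOWN_C2_DOMAINS = {"cyberhavenext.pro"}
# Assumed policy: permissions that expose cookies, tokens and page content to the extension.
HIGH_RISK_PERMISSIONS = {"cookies", "webRequest", "scripting", "tabs", "<all_urls>"}
C2_PATTERN = re.compile("|".join(re.escape(d) for d in KNOWN_C2_DOMAINS))

def scan_extension(ext_dir):
    """Inspect one unpacked extension: declared risky permissions and C&C domain hits in its JS."""
    ext_dir = Path(ext_dir)
    manifest = json.loads((ext_dir / "manifest.json").read_text(encoding="utf-8"))
    declared = set(manifest.get("permissions", [])) | set(manifest.get("host_permissions", []))
    hits = [str(p.relative_to(ext_dir)) for p in sorted(ext_dir.rglob("*.js"))
            if C2_PATTERN.search(p.read_text(encoding="utf-8", errors="ignore"))]
    return {"name": manifest.get("name"), "version": manifest.get("version"),
            "risky_permissions": sorted(declared & HIGH_RISK_PERMISSIONS), "c2_references": hits}

def scan_profile(extensions_root):
    """Walk <profile>/Extensions/<id>/<version>/ (Linux: ~/.config/google-chrome/Default/Extensions)."""
    flagged = []
    for manifest in sorted(Path(extensions_root).rglob("manifest.json")):
        result = scan_extension(manifest.parent)
        if result["c2_references"] or result["risky_permissions"]:
            flagged.append(result)
    return flagged

def build_sample_profile(root):
    """Constructed sample data: one benign extension and one resembling a tampered build."""
    benign = Path(root) / "aaaa" / "1.0.0"
    benign.mkdir(parents=True)
    (benign / "manifest.json").write_text(json.dumps(
        {"name": "Benign Notes", "version": "1.0.0", "manifest_version": 3, "permissions": ["storage"]}))
    (benign / "background.js").write_text("chrome.storage.local.set({ready: true});")
    tampered = Path(root) / "bbbb" / "24.10.4"
    tampered.mkdir(parents=True)
    (tampered / "manifest.json").write_text(json.dumps(
        {"name": "Tampered Helper", "version": "24.10.4", "manifest_version": 3,
         "permissions": ["cookies", "storage"], "host_permissions": ["<all_urls>"]}))
    (tampered / "worker.js").write_text('fetch("https://cyberhavenext.pro/");')

def demo():
    """Build the constructed profile in a temporary directory and return what the scanner flags."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_profile(root)
        return scan_profile(root)
```

Point scan_profile at a real Extensions directory to list every installed extension that either references the indicator or declares a permission on the risk list; a hit on the domain is a strong signal, while a permission hit is only a prompt to review whether the extension needs it.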
How AVP Suite Enhances Browsing Security and Data Protection
AVP Suite empowers customers with safer browsing via its robust AVP Chrome Extension, ensuring real-time safety against malicious websites and phishing attacks. With advanced online security and privacy functions, it guarantees your private information stays secure while surfing.
Discover how AVP Suite transforms everyday browsing into a worry-free journey with cutting-edge technology:
AVP Online Security & Privacy actively scans URLs for threats, checking that every site you visit is safe. This feature blocks access to dangerous websites hosting malicious content or phishing traps, improving your online security.
AVP Suite’s Chrome safety extension blocks dangerous websites and prevents access to unsafe domains, so you can browse securely. This protection also guards against malicious browser extensions and questionable web content.
With an integrated ad blocker, AVP Suite removes intrusive advertisements for distraction-free browsing. This feature not only improves your browsing speed but also protects you from ads carrying malware.
Real-time phishing protection detects and flags suspicious URLs designed to steal sensitive data. AVP Suite stops phishing scams before they can compromise your safety.
All downloaded files are automatically scanned by AVP Suite to confirm they are free from malware, ransomware, or hidden threats. This function adds an extra layer of protection when interacting with online content.
AVP Suite prevents trackers from gathering data about your online activity. This antivirus browser extension protects your privacy by stopping websites from monitoring your behavior and using it for unauthorized purposes.
AVP Suite monitors the dark web for any signs of compromised credentials or sensitive data, allowing you to act swiftly in case of a potential breach.
AVP Suite’s cookie safety ensures dangerous cookies are blocked, preventing them from tracking your digital footprint or exploiting personal data.
Safeguard your credentials with AVP Suite’s Chrome browser extension, AVP Online Security & Privacy. It encrypts and protects your logins so that you can access your accounts securely.
Designed to enhance Chrome Web Store Security, AVP Suite integrates seamlessly with your browser. Its versatile features ensure safe and secure browsing while minimizing the risks of malicious browser extensions.
AVP Suite provides unmatched security, offering an all-encompassing solution for data protection and safe browsing.
Key Takeaway!
Hackers may exploit Chrome extensions to steal sensitive data, but you don’t have to be their next victim. AVP Online Security & Privacy offers a robust shield against such threats, ensuring a secure and seamless browsing experience. From scanning malicious URLs to blocking phishing attempts and preventing data theft, it’s the all-in-one solution you need to safeguard your digital world.
Browse confidently with AVP Online Security & Privacy. Get started now.