Cyber Security News

Cyberhaven Hacked – Chrome Extension With 400,000 users Compromised

Cyberhaven, a prominent cybersecurity company, disclosed that its Chrome extension With 400,000+ users was targeted in a malicious cyberattack on Christmas Eve 2024, as part of a broader campaign affecting multiple Chrome extension developers.

CEO Howard Ting announced the incident in a detailed transparency report, outlining the attack’s scope and the company’s response.

The breach occurred when attackers successfully executed a phishing attack, compromising an employee’s Google Chrome Web Store credentials.

The threat actors leveraged these credentials to deploy a malicious version (24.10.4) of Cyberhaven’s Chrome extension.

The company’s security team identified the compromise at 11:54 PM UTC on December 25 and swiftly removed the malicious package within 60 minutes.

The security incident’s impact was relatively contained, affecting only users who had their Chrome-based browsers auto-update between 1:32 AM UTC on December 25 and 2:50 AM UTC on December 26.

The malicious code potentially exposed cookies and authenticated sessions for specific targeted websites, primarily focusing on social media advertising and AI platforms.

Importantly, Cyberhaven confirmed that no other company systems, including CI/CD processes and code signing keys, were compromised.

Cyberhaven’s response was swift and comprehensive:

  • Affected customers were notified by 10:09 AM UTC on December 26
  • The compromised extension was removed from the Chrome Web Store
  • A secure version (24.10.5) was released and automatically deployed
  • An external incident response firm was engaged for forensic analysis
  • Federal law enforcement authorities were notified

Customer Advisory

Cyberhaven has advised customers who used version 24.10.4 during the affected period to:

  • Update their extension to version 24.10.5 or newer
  • Rotate all non-FIDOv2 passwords
  • Monitor logs for suspicious activities

“One of Cyberhaven’s core values is maximum transparency,” stated CEO Howard Ting. “We are committed to maintaining the trust of our customers and will continue to provide updates as our investigation proceeds.”

This incident highlights the increasing sophistication of cyber threats targeting security providers and the importance of rapid incident response, even during holiday periods.

Investigate Real-World Malicious Links, Malware & Phishing Attacks With ANY.RUN – Try for Free

Also Read:

Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Leave a Comment
Share
Published by
Balaji
Tags: computer securitycyber securityCyber Security News
4 months ago

Recent Posts

BPFDoor Malware Uses Reverse Shell to Expand Control Over Compromised Networks

A new wave of cyber espionage attacks has brought BPFDoor malware into the spotlight as…

7 hours ago

EU’s GDPR Article 7 Poses New Challenges for Businesses To Secure AI-Generated Image Data

As businesses worldwide embrace digital transformation, the European Union’s General Data Protection Regulation (GDPR), enacted…

8 hours ago

Morocco Investigation Major Data Breach Allegedly Claimed by Algerian Hackers

The National Social Security Fund (CNSS) of Morocco has confirmed that initial checks on leaked…

8 hours ago

Smishing Campaign Hits Toll Road Users with $5 Payment Scam

Cybersecurity researchers at Cisco Talos have uncovered a large-scale smishing campaign targeting toll road users…

8 hours ago

IBM Aspera Faspex Flaw Allows Injection of Malicious JavaScript in Web UI

A significant security vulnerability has been identified in IBM Aspera Faspex 5, a popular file…

8 hours ago

Chinese APT Group Targets Ivanti VPN Vulnerabilities to Breach Networks

In a concerning report from cybersecurity firm TeamT5, it has been revealed that a Chinese…

9 hours ago