Cyber Security News

Cyberhaven Hacked – Chrome Extension With 400,000 Users Compromised

Cyberhaven, a prominent cybersecurity company, disclosed that its Chrome extension with 400,000+ users was targeted in a malicious cyberattack on Christmas Eve 2024, as part of a broader campaign affecting multiple Chrome extension developers.

CEO Howard Ting announced the incident in a detailed transparency report, outlining the attack’s scope and the company’s response.

The breach occurred when attackers successfully executed a phishing attack, compromising an employee’s Google Chrome Web Store credentials.

The threat actors leveraged these credentials to deploy a malicious version (24.10.4) of Cyberhaven’s Chrome extension.

The company’s security team identified the compromise at 11:54 PM UTC on December 25 and swiftly removed the malicious package within 60 minutes.

The security incident’s impact was relatively contained, affecting only users who had their Chrome-based browsers auto-update between 1:32 AM UTC on December 25 and 2:50 AM UTC on December 26.

The malicious code potentially exposed cookies and authenticated sessions for specific targeted websites, primarily focusing on social media advertising and AI platforms.

Importantly, Cyberhaven confirmed that no other company systems, including CI/CD processes and code signing keys, were compromised.

Cyberhaven’s response was swift and comprehensive:

  • Affected customers were notified by 10:09 AM UTC on December 26
  • The compromised extension was removed from the Chrome Web Store
  • A secure version (24.10.5) was released and automatically deployed
  • An external incident response firm was engaged for forensic analysis
  • Federal law enforcement authorities were notified

Customer Advisory

Cyberhaven has advised customers who used version 24.10.4 during the affected period to:

  • Update their extension to version 24.10.5 or newer
  • Rotate all non-FIDOv2 passwords
  • Monitor logs for suspicious activities
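
To apply the advisory above across a fleet, the following sketch (an added example, not code from Cyberhaven or from the original article) sorts hosts into follow-up actions using the version numbers and update window reported above. The inventory row format, host names, sample timestamps and action labels are assumptions made for illustration.

```python
from datetime import datetime, timezone

UTC = timezone.utc
BAD, FIXED = (24, 10, 4), (24, 10, 5)   # builds named in the article
# Auto-update window given in the article (UTC).
WINDOW = (datetime(2024, 12, 25, 1, 32, tzinfo=UTC),
          datetime(2024, 12, 26, 2, 50, tzinfo=UTC))

def parse_version(text):
    """'24.10.4' -> (24, 10, 4); tuples compare numerically (24.10.10 > 24.10.5)."""
    return tuple(int(part) for part in text.strip().split("."))

def parse_ts(text):
    """ISO 8601 -> aware UTC datetime; naive timestamps are assumed to be UTC."""
    ts = datetime.fromisoformat(text)
    return ts.replace(tzinfo=UTC) if ts.tzinfo is None else ts.astimezone(UTC)

def triage(rows):
    """rows: (host, extension_version, seen_at) tuples (assumed inventory format).
    Returns {host: (action, fixed_at)}; fixed_at is set only for exposed hosts."""
    by_host = {}
    for host, version, seen_at in rows:
        by_host.setdefault(host, []).append((parse_ts(seen_at), parse_version(version)))
    report = {}
    for host, sightings in by_host.items():
        sightings.sort()
        current = sightings[-1][1]
        ran_bad = any(ver == BAD for _, ver in sightings)
        in_window = any(WINDOW[0] <= ts <= WINDOW[1] for ts, _ in sightings)
        if ran_bad:
            # Any sighting of 24.10.4 counts, even one recorded after the window.
            fixed_at = next((ts for ts, ver in sightings if ver >= FIXED), None)
            action = "rotate" if current >= FIXED else "update-and-rotate"
            report[host] = (action, fixed_at)
        else:
            # Polling can miss a short-lived build, so a blind window is not a pass.
            report[host] = ("not-observed" if in_window else "inconclusive", None)
    return report

# Constructed sample rows; hosts, timestamps and 24.10.10 are made up for illustration.
SAMPLE = [
    ("wks-01", "24.10.4", "2024-12-25T03:10:00+00:00"),
    ("wks-01", "24.10.5", "2024-12-26T09:00:00+00:00"),
    ("wks-02", "24.10.4", "2024-12-25T23:30:00-05:00"),  # 04:30 UTC on Dec 26
    ("wks-03", "24.10.3", "2024-12-23T08:00:00"),        # naive, treated as UTC
    ("wks-03", "24.10.10", "2024-12-27T08:00:00"),
    ("wks-04", "24.10.3", "2024-12-25T12:00:00+00:00"),
]
```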

“One of Cyberhaven’s core values is maximum transparency,” stated CEO Howard Ting. “We are committed to maintaining the trust of our customers and will continue to provide updates as our investigation proceeds.”

This incident highlights the increasing sophistication of cyber threats targeting security providers and the importance of rapid incident response, even during holiday periods.


Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.
