Summary: A Christmas Eve phishing attack led to the takeover of a Cyberhaven employee’s Google Chrome Web Store account, resulting in the publication of a malicious Chrome extension. This incident underscores significant gaps in browser security and the ongoing threat of extension poisoning, which is expected to persist. Experts believe this attack is part of two related campaigns targeting multiple extension developers to distribute harmful extensions.

Threat Actor: Unknown | unknown
Victim: Cyberhaven | Cyberhaven

Keypoints :

• The malicious extension was removed within an hour, but highlights ongoing security vulnerabilities in browser extensions.
• Two campaigns have been identified, one targeting cookie and password theft, and another focused on tracking user activity.
• Organizations are encouraged to manage browser extensions more effectively to mitigate risks associated with compromised extensions.