Hackers attempted to steal data by hijacking legitimate Chrome extensions.

A cyberattack campaign has been injecting malware into several Chrome browser extensions since mid-December, Reuters reported yesterday. The code was designed to target “certain social media advertising and AI platforms,” stealing browser cookies and authentication sessions, according to a blog post from Cyberhaven, one of the targeted companies.

Cyberhaven blames phishing emails for the attack, writing in a separate technical analysis post that the code appears to specifically target Facebook advertising accounts. According to Reuters, security researcher Jaime Blasco believes the attack was “simply random” and did not specifically target Cyberhaven. He posted to

Cyberhaven said hackers pushed an update (version 24.10.4) for the Cyberhaven Data Loss Prevention extension that contained malware at 8:32 PM ET on Christmas Eve. Cyberhaven said it discovered the code at 6:54 PM ET on December 25 and removed it within an hour, but the code remained active until 9:50 PM ET on December 25. The company said it has released a clean version in the 24.10.5 update.
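One way to check a machine against the two version numbers above is to read each Chrome profile's unpacked copy of the extension; this is an added example, not code from Cyberhaven or the article. The extension ID is a placeholder (the article does not give it), and the function and status names are illustrative.

```python
import json
import sys
from pathlib import Path

COMPROMISED = (24, 10, 4)  # malicious update named in the article
CLEAN = (24, 10, 5)        # clean release named in the article
# Placeholder: the article does not give the extension's Chrome ID.
EXTENSION_ID = "<extension-id>"


def parse_version(text):
    """Turn '24.10.4' into (24, 10, 4) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))


def classify(version):
    parsed = parse_version(version)
    if parsed == COMPROMISED:
        return "compromised"
    return "clean-or-later" if parsed >= CLEAN else "older"


def audit_extension(user_data_dir, extension_id=EXTENSION_ID):
    """Return (profile, version, status) for each unpacked copy on disk.

    Chrome unpacks extensions under
    <user data dir>/<profile>/Extensions/<id>/<version>_<n>/manifest.json
    """
    findings = []
    pattern = f"*/Extensions/{extension_id}/*/manifest.json"
    for manifest in sorted(Path(user_data_dir).glob(pattern)):
        profile = manifest.parents[3].name
        try:
            data = json.loads(manifest.read_text(encoding="utf-8-sig"))
            version = data["version"]
            findings.append((profile, version, classify(version)))
        except (OSError, ValueError, KeyError, TypeError, AttributeError):
            # Damaged or unexpected manifest: report it, do not skip it.
            findings.append((profile, None, "unreadable"))
    return findings


if __name__ == "__main__":
    # Usage: python audit.py "<Chrome user data dir>" <extension id>
    for profile, version, status in audit_extension(sys.argv[1], sys.argv[2]):
        print(f"{profile}: version {version} -> {status}")
```

A profile that shows 24.10.5 today may still have run 24.10.4 while it was live, so a clean result here does not replace the log review and credential rotation Cyberhaven recommends.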

Cyberhaven’s recommendations for companies that may be affected include checking logs for suspicious activity and revoking or replacing passwords that do not use the FIDO2 multi-factor authentication standard. Prior to posting, the company notified customers via email, TechCrunch reported Friday morning.