Image Credits: Thomas Trutschel / Photothek / Getty Images


Data-loss prevention startup Cyberhaven says hackers published a malicious update to its Chrome extension that was capable of stealing customer passwords and session tokens, according to an email sent to affected customers, who may have been victims of this suspected supply-chain attack.

Cyberhaven confirmed the cyberattack to TechCrunch on Friday but declined to comment on specifics about the incident.

An email from the company sent to customers, obtained and published by security researcher Matt Johansen, said the hackers compromised a company account to publish a malicious update to its Chrome extension in the early morning of December 25. The email said that for customers running the compromised browser extension, “it is possible for sensitive information, including authenticated sessions and cookies, to be exfiltrated to the attacker’s domain.”

Cyberhaven spokesperson Cameron Coles declined to comment on the email but did not dispute its authenticity.

In a brief emailed statement, Cyberhaven said its security team detected the compromise in the afternoon of December 25 and that the malicious extension (version 24.10.4) was then removed from the Chrome Web Store. A new legitimate version of the extension (24.10.5) was released soon after.

Cyberhaven offers products that it says protect against data exfiltration and other cyberattacks, including web browser extensions, which allow the company to monitor for potentially malicious activity on websites. The Chrome Web Store shows the Cyberhaven extension has around 400,000 corporate customer users at the time of writing.

When asked by TechCrunch, Cyberhaven declined to say how many affected customers it had notified about the breach. The California-based company lists technology giants Motorola, Reddit, and Snowflake as customers, as well as law firms and health insurance giants.

According to the email that Cyberhaven sent to its customers, affected users should “revoke” and “rotate all passwords” and other text-based credentials, such as API tokens. Cyberhaven said customers should also review their own logs for malicious activity. (Session tokens and cookies for logged-in accounts that are stolen from the user’s browser can be used to log in to that account without needing their password or two-factor code, effectively allowing hackers to bypass those security measures.)

The email does not specify whether customers should also change any credentials for other accounts stored in the Chrome browser, and Cyberhaven’s spokesperson declined to specify when asked by TechCrunch.

According to the email, the compromised company account was the “single admin account for the Google Chrome Store.” Cyberhaven did not say how the company account was compromised, or what corporate security policies were in place that allowed the account compromise. The company said in its brief statement that it has “initiated a comprehensive review of our security practices and will be implementing additional safeguards based on our findings.”

Cyberhaven said it has hired an incident response firm, which the email to customers says is Mandiant, and is “actively cooperating with federal law enforcement.”

Jaime Blasco, the co-founder and CTO of Nudge Security, said in posts on X that several other Chrome extensions were compromised as apparently part of the same campaign, including several extensions with tens of thousands of users.

Blasco told TechCrunch that he is still investigating the attacks and believes at this point that there were more extensions compromised earlier this year, including some related to AI, productivity, and VPNs.

“It seems it wasn’t targeted against Cyberhaven, but rather opportunistically targeting extension developers,” said Blasco. “I think they went after the extensions that they could based on the developers’ credentials that they had.”

In its statement to TechCrunch, Cyberhaven said that “public reports suggest this attack was part of a wider campaign to target Chrome extension developers across a wide range of companies.” At this point it’s unclear who is responsible for this campaign, and other affected companies and their extensions have yet to be confirmed.