Google Chrome extensions hit in major attack - dozens of developers affected, so be on your guard


  • Researchers discover large supply-chain attack targeting Chrome extension developers
  • Dozens have been compromised, resulting in possibly millions of victim users
  • Researchers urge users to patch or uninstall certain extensions

Hackers have managed to compromise dozens of legitimate Google Chrome extensions in what appears to be a highly sophisticated supply chain attack.

As a result, millions of browser users are at risk of data theft, identity theft, wire fraud, and more, cybersecurity researchers at Sekoia have said.

The researchers said the attack starts with a very convincing phishing email, in which the threat actors impersonated Google Chrome Web Store support. They sent emails to Chrome extension developers, warning them that they had violated store policies and that their work would be removed from the store unless they “extended their privacy policy”. The email came with a link leading to a legitimate Google OAuth authorization page, built for a malicious application.

Facebook Business and other targets

Victims who logged in would actually share their login credentials with the attackers, who would then use that access to poison their work and compromise the extensions.

Sekoia says that the threat actors were going after Facebook Business accounts, API keys, session cookies, access tokens, account information, and ad account details. In some cases, it was added, the crooks were going after ChatGPT API keys and user authentication data, as well.

The team traced the campaign back to at least March 2024, with the possibility of earlier activity, too.

Some of the more popular extensions that were targeted include GraphQL Network Inspector, Proxy SwitchyOmega (V3), YesCaptcha assistant, Castorus, and VidHelper – Video Download Helper. The full list of attacked extensions can be found on this link.

The number of affected individuals is measured in hundreds of thousands, or even millions, and mostly revolves around the number of downloads of these plugins. Most of the poisoned solutions have been pulled from the Chrome Web Store already. However, users are still advised to remove affected extensions, or update them to versions released after December 26, 2024, and to reset important account passwords, especially for Facebook and ChatGPT.
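To act on that advice, the following added example (not from the article or from Sekoia) inventories a Chrome profile's unpacked extensions and flags any whose display name matches the extensions named above. It assumes Chrome's usual on-disk layout of `Extensions/<extension id>/<version>/manifest.json`; the manifest carries no release date, so the reported version still has to be compared with the store listing by hand.

```python
import json
import sys
from pathlib import Path

# Names exactly as printed in the article; it gives no extension IDs, so
# name matching is an assumption and can miss renamed or relabelled builds.
WATCHLIST = [
    "GraphQL Network Inspector",
    "Proxy SwitchyOmega (V3)",
    "YesCaptcha assistant",
    "Castorus",
    "VidHelper – Video Download Helper",
]


def display_name(version_dir: Path) -> tuple[str, str]:
    """Return (name, version) from one unpacked extension version directory."""
    manifest = json.loads((version_dir / "manifest.json").read_text(encoding="utf-8-sig"))
    name = str(manifest.get("name", ""))
    # Localized names are "__MSG_key__"; messages.json keys are case-insensitive.
    if name.startswith("__MSG_") and name.endswith("__"):
        key = name[6:-2].casefold()
        locale = manifest.get("default_locale", "en")
        path = version_dir / "_locales" / locale / "messages.json"
        if path.is_file():
            messages = json.loads(path.read_text(encoding="utf-8-sig"))
            by_key = {k.casefold(): v for k, v in messages.items()}
            name = str(by_key.get(key, {}).get("message", name))
    return name, str(manifest.get("version", "?"))


def audit(extensions_root: Path, watchlist=WATCHLIST) -> list[dict]:
    """Flag installed extensions whose display name is on the watchlist."""
    wanted = {w.casefold() for w in watchlist}
    hits = []
    # Chrome layout: <profile>/Extensions/<extension id>/<version>_N/manifest.json
    for manifest in sorted(extensions_root.glob("*/*/manifest.json")):
        try:
            name, version = display_name(manifest.parent)
        except (OSError, ValueError, AttributeError):
            continue  # unreadable or malformed manifest: skip, do not abort
        if name.strip().casefold() in wanted:
            hits.append({"id": manifest.parent.parent.name, "name": name, "version": version})
    return hits


if __name__ == "__main__" and len(sys.argv) > 1:
    for hit in audit(Path(sys.argv[1])):
        print(f"{hit['id']}  {hit['name']}  {hit['version']}")
```

Pass the profile's `Extensions` directory as the only argument, for example `~/.config/google-chrome/Default/Extensions` on Linux.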

Via The Register


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
