Hackers Take Over Chrome Extensions To Steal User Information


Written by: Andrés Gánem
10 January 2025
On Christmas Eve, data protection company Cyberhaven was hit by a cyberattack targeting its Google Chrome extension. Hackers uploaded a malicious version of the extension to the Chrome Web Store, which let it steal sensitive user information. Security researchers believe this breach was part of a broader campaign aimed at multiple Chrome extension developers.

Cyberhaven disclosed the incident in a December 27 blog post. “Our team has confirmed a malicious cyberattack that occurred on Christmas Eve, affecting Cyberhaven’s Chrome extension,” wrote Howard Ting, Cyberhaven’s CEO. “Public reports suggest this attack was part of a wider campaign to target Chrome extension developers across a wide range of companies.”

According to the browser extension security platform Secure Annex, other compromised extensions include VPNCity, Uvoice, and Search Copilot AI Assistant for Chrome. You can view an updated spreadsheet of these extensions here.

Preliminary findings indicate the attackers gained access when one of Cyberhaven’s employees fell for a phishing scheme. Phishing relies on fraudulent emails or messages to trick people into sharing login credentials. In this case, hackers posed as Chrome’s developer support, sending emails that led developers to a deceptive app called “Privacy Policy Extension.” Once developers signed in, hackers accessed the Chrome Web Store and uploaded a malicious version of the extension.

The hackers designed the code to steal Facebook access tokens, user IDs, and information about accounts, businesses, and ads from users who had the compromised extensions installed. They also recorded mouse clicks on Facebook, presumably to bypass captchas and two-factor authentication.

Although Cyberhaven and other affected companies removed the malicious versions of their extensions, experts warn that not all compromised extensions may have been identified or fixed. Some still appear to remain active, leaving users vulnerable.

The attack came at the tail end of a year fraught with data leaks and threats to data protection worldwide, including the biggest password leak in history last July. To minimize the risk of exposure to future cyberattacks, experts urge users to monitor app updates, carefully read developer messages, and verify any requests for login credentials.
