By Chandramohan Rajput | Jan 03, 2025
NEWS
Hackers have escalated their campaign, compromising 35 Chrome extensions used by more than 2.6 million people. The breach exposes growing risks in browser security.
7FB806
- Where is Cookie? - Web Mirror - ChatGPT App - Hi AI - Web3Password Manager - YesCaptcha assistant - Bookmark Favicon Changer - Proxy SwitchyOmega - GraphQL Network Inspector - AI Assistant - Bard AI chat - ChatGPT for Google Meet - Search Copilot AI Assistant for Chrome - TinaMind - Wayin AI - VPNCity - Internxt VPN - Vidnoz Flex - VidHelper - Castorus - Uvoice - Reader Mode
Developers received phishing emails mimicking Google policy violation notices. These emails tricked them into granting access to malicious apps.
Attackers used a fake OAuth app to gain control of developer accounts. Multi-factor authentication didn’t prevent these breaches.
Malicious scripts were added to compromised extensions in order to steal sensitive information, with a focus on Facebook business accounts.
The stolen data included Facebook IDs, cookies, and ad account information. Hackers intended to hijack and monetize accounts.
You should update your extensions right away, audit your installations, and keep an eye on your accounts for any unusual activity.