Ongoing Campaign Targeting Chrome Browser Extensions
30 December 2024
There are reports of an ongoing campaign to steal sensitive information from users of Chrome browser extensions. The compromised extensions have been observed to contain malicious code that could allow an attacker to exfiltrate authenticated sessions and cookies, enabling the attacker to impersonate the victim without requiring a username or password. The attacker could then gain unauthorised access to resources, perform actions on the victim's behalf, or escalate their privileges.
As of 30 December, the following Chrome browser extensions have been confirmed to carry malicious code:
- AI Assistant - ChatGPT and Gemini for Chrome
- AI Shop Buddy
- Bard AI chat
- Bookmark Favicon Changer
- Castorus
- ChatGPT Assistant - Smart Search
- Cyberhaven security extension V3
- Earny - Up to 20% Cash Back
- Email Hunter
- Internxt VPN
- Keyboard History Recorder
- Parrot Talks
- Primus (prev. PADO)
- Reader Mode
- Rewards Search Automator
- Search Copilot AI Assistant for Chrome
- Sort by Oldest
- Tackker - online keylogger tool
- TinaMind - The GPT-4o-powered AI Assistant!
- Uvoice
- VidHelper - Video Downloader
- Vidnoz Flex - Video recorder & Video share
- Visual Effects for Google Meet
- VPNCity
- Wayin AI
While no reports have been observed locally, users of the affected extensions are advised to uninstall them, reset account passwords, clear browser data and reset browser settings to their original defaults before installing a safe version of the extension (if available).
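To find out whether any listed extension is installed, the following added example (not part of the original advisory) sweeps a Chrome profile's `Extensions` directory and compares each extension's name with the list above. It assumes Chrome's usual on-disk layout, `<profile>/Extensions/<id>/<version>/manifest.json`; because the advisory lists names rather than extension IDs, matching is by name only, so a hit marks an extension to review, and an extension installed under a different name would be missed.

```python
import json, re, sys, tempfile
from pathlib import Path

# Names copied from the advisory's list (as of 30 December).
AFFECTED = [n.strip() for n in """AI Assistant - ChatGPT and Gemini for Chrome|AI Shop Buddy|
Bard AI chat|Bookmark Favicon Changer|Castorus|ChatGPT Assistant - Smart Search|Email Hunter|
Cyberhaven security extension V3|Earny - Up to 20% Cash Back|Internxt VPN|Parrot Talks|Uvoice|
Keyboard History Recorder|Primus (prev. PADO)|Reader Mode|Rewards Search Automator|
Search Copilot AI Assistant for Chrome|Sort by Oldest|Tackker - online keylogger tool|
TinaMind - The GPT-4o-powered AI Assistant!|VidHelper - Video Downloader|VPNCity|
Vidnoz Flex - Video recorder & Video share|Visual Effects for Google Meet|Wayin AI""".split("|")]

def norm(s):  # case- and whitespace-insensitive comparison key
    return re.sub(r"\s+", " ", s).strip().casefold()
AFFECTED_SET = {norm(n) for n in AFFECTED}

def display_name(vdir):
    """Name from manifest.json, resolving a localized __MSG_key__ placeholder."""
    manifest = json.loads((vdir / "manifest.json").read_text(encoding="utf-8-sig"))
    name = str(manifest.get("name", ""))
    m = re.fullmatch(r"__MSG_(\w+)__", name, re.I)
    if m:
        loc = vdir / "_locales" / manifest.get("default_locale", "en") / "messages.json"
        msgs = json.loads(loc.read_text(encoding="utf-8-sig"))
        for key, val in msgs.items():  # message keys match case-insensitively
            if key.casefold() == m.group(1).casefold():
                return str(val.get("message", name))
    return name

def find_affected(extensions_dir):
    """Sorted (extension_id, version_dir, name) for installed names on the list."""
    hits = []
    for mf in Path(extensions_dir).glob("*/*/manifest.json"):
        try:
            name = display_name(mf.parent)
        except (OSError, ValueError, AttributeError, TypeError):
            continue  # unreadable or malformed manifest: skip it
        if norm(name) in AFFECTED_SET:
            hits.append((mf.parent.parent.name, mf.parent.name, name))
    return sorted(hits)

def build_sample(root):  # constructed tree; the 32-character ID is a placeholder
    d = Path(root) / ("a" * 32) / "1.0.0_0"
    (d / "_locales" / "en").mkdir(parents=True)
    (d / "manifest.json").write_text('{"name": "__MSG_appName__", "default_locale": "en"}')
    (d / "_locales/en/messages.json").write_text('{"appname": {"message": "Reader  Mode"}}')
    return root

if __name__ == "__main__":  # usage: script.py <profile>/Extensions (no argument: sample tree)
    print(find_affected(sys.argv[1] if len(sys.argv) > 1 else build_sample(tempfile.mkdtemp())))
```

Run it once per browser profile, passing that profile's `Extensions` directory as the argument.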
More information is available here:
https://thehackernews.com/2024/12/16-chrome-extensions-hacked-exposing.html
https://secureannex.com/blog/cyberhaven-extension-compromise/