Cyber startup employee hacked to distribute malicious Chrome extension

Dec. 30, 2024, 8:25 a.m.

Description

Several Chrome extensions have been compromised, including those related to Cyberhaven. The affected extensions are linked to multiple suspicious domains resolving to the same IP address as cyberhavenext[.]pro. Some confirmed compromised extensions are listed with their corresponding URLs. Users are advised to search for these extensions in their environments and monitor for any traffic to the IP address 149.28.124[.]84. This information suggests a widespread attack targeting browser extensions, potentially putting users' data and privacy at risk.

External References

https://therecord.media/cyberhaven-hack-google-chrome-extension
https://www.linkedin.com/posts/jaimeblasco_regarding-the-cyberhaven-chrome-extension-activity-7278237969637941248-qBEj/
https://otx.alienvault.com/pulse/676eb7ea8d206aea4fcd8efd
Tags
chrome
2024-12-27
browser extensions
cyberhaven

Date

  • Created: Dec. 27, 2024, 2:21 p.m.
  • Published: Dec. 27, 2024, 2:21 p.m.
  • Modified: Dec. 30, 2024, 8:25 a.m.

Indicators

  • 149.28.124.84
Download all indicators here!

Attack Patterns