Today > | 2 Medium | 1 Low vulnerabilities   -   You can now download lists of IOCs here!

Regarding the Cyberhaven chrome extension compromise, there are other...

Dec. 27, 2024, 5:21 p.m.

Tags
chrome
2024-12-27
browser extensions
cyberhaven
External References
Description

Several Chrome extensions have been compromised, including those related to Cyberhaven. The affected extensions are linked to multiple suspicious domains resolving to the same IP address as cyberhavenext[.]pro. Some confirmed compromised extensions are listed with their corresponding URLs. Users are advised to search for these extensions in their environments and monitor for any traffic to the IP address 149.28.124[.]84. This information suggests a widespread attack targeting browser extensions, potentially putting users' data and privacy at risk.

Date

Published: Dec. 27, 2024, 2:21 p.m.

Created: Dec. 27, 2024, 2:21 p.m.

Modified: Dec. 27, 2024, 5:21 p.m.

Indicators

149.28.124.84

readermodeext.info

parrottalks.info

vpncity.live

bookmarkfc.info

yujaverity.info

wayinai.live

uvoice.live

primusext.pro

policyextension.info

moonsift.store

iobit.pro

censortracker.pro

castorus.info

Download all indicators here!

Attack Patterns

T1567

T1176

T1071

T1102

T1059