Targeted supply chain attack against Chrome browser extensions
Essential information
- Published: 22/01/2025 16:27
- Modified: 22/01/2025 16:48
- Tags: 2025-01-22 browser extensions credentials data harvesting phishing supply-chain
- Related entities: 80 observables, 13 techniques (MITRE)
Description
In December 2024, a threat actor compromised around a dozen legitimate Chrome browser extensions by abusing extension developers' permissions, which it had obtained through phishing attacks. The malicious code injected into the compromised extensions aimed to harvest sensitive user data such as API keys, session cookies, and authentication tokens from websites such as ChatGPT and Facebook for Business. The analysis covers the targeted phishing campaign and the adversary's infrastructure, and provides remediation steps along with technical indicators.