Fresh Insights Into Google Chrome Extension Attack

As a business owner, you may have witnessed or even fallen victim to a phishing scam. If it makes you feel any better, you’re not alone – modern companies regularly fight off these attacks, and perpetrators are relentless!

The Google Chrome Extension attack against Cyberhaven is a recent example of this exploitation. If you’d like some pointers on how to protect yourself and your business, take a look.

What Is the Process Involved in “Phishing”?

The world’s first phishing attack occurred around the mid-1990s. Cybercriminals pretended to be AOL personnel to create opportunities to steal login credentials. These attacks still target individuals and companies, and the basic process is the same as it was thirty years ago:

  • Hacker sends fraudulent communication, usually through emails 
  • Message looks like it hails from a reputable source 
  • Receiver trusts the information
  • Hacker steals sensitive data, like logins or credit card numbers, or installs malware

Things were no different during Cyberhaven’s recent Google Chrome Extension attack. 

Preparing To Attack the Business

The hackers who targeted Cyberhaven tested their technology first, preparing and perfecting the attack commands and subdomains starting in March 2024. New domains came to light from November to early December, and the Google Chrome Extension attack came to fruition. The attack successfully phished an employee at Cyberhaven, but how did it all go down?

Seeing the Attack Through on Google Chrome

An email pretending to be from Google reached a company developer. The notification claimed one of its extensions was breaching the Chrome Web Store policies. It said the developer had to “allow a Privacy Policy Extension,” or Google would remove its existing one.

The developer did what the message instructed, and the attackers gained access to the Google Chrome Web Store. The attackers planted a faux version of the Chrome extension in the store for people to download. Nobody batted an eye, since it came directly from the legitimate store. Existing users with automatic extension updates enabled received the download without knowing it.

The Festive Phishing Perpetrators Did as Much Damage as Possible

On Christmas Eve, the hackers fulfilled their goal, committing Facebook data theft via the Google Chrome Extension attack. Cybersecurity personnel discovered the extensions the next day and removed them within an hour. However, the malware still affected 400,000 devices.

What This Means for Your Company

This browser hijack put 2.6 million users worldwide at risk. The extensions have been taken down, so no new users can download them. Your business should remove the extension as soon as possible!

Used with permission from Article Aggregator