As a result of a cyberattack, malicious code hit a Chrome extension, which led to the theft of user data, writes Reuters. We have selected the main thing.
What happened
As a result of a cyberattack in December of this year, malicious code hit a Chrome extension — This led to the theft of user data such as cookies and passwords.
According to Cyberhaven, one of the victims of the attack, the attackers used phishing emails to launch malicious code. Using this code, the attackers stole important information such as cookies and passwords from user accounts, including on advertising platforms such as Facebook Ads.
The list of affected extensions included VPN applications — Internxt VPN and VPNCity, as well as others such as Uvoice and ParrotTalks. Cyberhaven said that the malicious code was downloaded along with a Chrome update (version 24.10.4) on December 24, and was discovered on December 25. The company says it removed the malicious code within an hour and urged users to check their accounts for suspicious activity and change their passwords.