Click to Skip Ad
Closing in...
TRENDING: iOS 18 iPhone 16 Apple Watch Battery Life M4 MacBook Pro AirPods Max 2 watchOS 11 Apple One Reset AirPods iPad sideloading
Norton VPN Plus is 54% off for BGR readers!
Home Tech Security

Hackers are hijacking Chrome extensions in an attempt to steal your data

Jacob Siegal
By
Published Dec 30th, 2024 8:34PM EST
The logo of Google Chrome is seen on laptop's screen.
Image: Ali Balikci/Anadolu Agency/Getty Images

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

While you were wrapping presents or spending time with friends and family on Christmas Eve, hackers were busy looking for ways to steal your data. Reuters reports that multiple companies have seen their Chrome browser extensions hijacked by cybercriminals in recent days, such as the data protection company Cyberhaven on December 24.

“On December 24, a phishing attack compromised a Cyberhaven employee’s credentials to the Google Chrome Web Store,” Cyberhaven CEO Howard Ting wrote on the company’s blog. “The attacker used these credentials to publish a malicious version of our Chrome extension (version 24.10.4). Our security team detected this compromise at 11:54 PM UTC on December 25 and removed the malicious package within 60 minutes.”

Ting says only Chrome-based browsers that auto-updated while the malicious code was active from 1:32 AM UTC on December 25 to 2:50 AM UTC on December 26 were affected. All users who were impacted by the hack were notified by Cyberhaven on December 26, and the team has since published a secure version of the extension.

Unfortunately, this wasn’t an isolated incident for Chrome extensions.

Nudge Security co-founder Jaime Blasco tells Reuters that hackers have similarly hijacked other browser extensions, indicating this is part of a large attack. On X, Blasco pointed to several more extensions with malicious code that he found on the Chrome Web Store:

  • Internxt VPN – Free, Encrypted & Unlimited VPN (10,000 users)
  • VPNCity – Fast & Unlimited VPN | Unblocker (50,000 users)
  • Uvoice (40,000 users)
  • ParrotTalks (40,000 users)

Even that is just the tip of the iceberg. In a lengthy blog post that is still being regularly updated, cybersecurity practitioner John Tuckner found more extensions containing the familiar malicious code (via Bleeping Computer): Bookmark Favicon Changer, Castorus, Wayin AI, Search Copilot AI Assistant, VidHelper, Vidnoz Flex, TinaMind, Primus, AI Shop Buddy, Sort by Oldest, Earny, ChatGPT Assistant, Keyboard History Recorder, and Email Hunter.

If you use any of these extensions, you should check to see if they have been updated recently and if the developer is aware of this attack. Either way, you might want to reset all of your passwords anyway if you think there’s any chance you’ve been affected.

Don’t Miss: New Chrome extensions block Reddit links and annoying AI overviews from Google Search results

This article talks about:

Jacob Siegal
Jacob Siegal Associate Editor

Jacob Siegal is Associate Editor at BGR, having joined the news team in 2013. He has over a decade of professional writing and editing experience, and helps to lead our technology and entertainment product launch and movie release coverage.

Jacob Siegal's latest stories

More Tech

Latest News