Back to LinkedIn posts

LinkedIn post 233

This is eye-opening!

This is eye-opening!
Cyberhaven is a cybersecurity company that released a Chrome extension to prevent sensitive data from leaking via ChatGPT, Facebook or other platforms.

The Cyberhaven admin received a fake email saying that the extension was in violation of Google's policies. Obviously alarmed, that admin clicked a link which granted OAuth permission to the fake app "Privacy Policy Extension".

The fake app was controlled by the attacker, who then uploaded a malicious version of Cyberhaven's Chrome extension to the Chrome Web Store.

Nearly all 400,000 Cyberhaven users browsers were infected with extension code designed to steal users’ passwords, cookies, and other information that could enable account takeovers.

They investigated and found other 16 browser extensions with that same malicious code.

🔗 LINK:
https://lnkd.in/g3uNhgxJ

🔗 The list of extensions:
https://lnkd.in/gZcgw5W4