Hackers Target Dozens of VPN, AI Extensions For Google Chrome To Compromise Data
(Thursday January 02, 2025 @10:30PM (BeauHD)
from the PSA dept.)
- Reference: 0175819275
- News link: https://it.slashdot.org/story/25/01/02/2157246/hackers-target-dozens-of-vpn-ai-extensions-for-google-chrome-to-compromise-data
- Source link:
An anonymous reader quotes a report from The Record:
> Cybersecurity researchers have uncovered dozens of attacks that involve malicious updates for Chrome browser extensions, one week after a security firm was compromised in a similar incident. As of Wednesday, a total of 36 Chrome extensions injected with data-stealing code have been detected, [1]mostly related to artificial intelligence (AI) tools and virtual private networks (VPNs), according to [2]a report by ExtensionTotal, a platform that analyzes extensions listed on various marketplaces and public registries. These extensions, collectively used by roughly 2.6 million people, include third-party tools such as ChatGPT for Google Meet, Bard AI Chat, YesCaptcha Assistant, VPNCity and Internxt VPN. Some of the affected companies have already addressed the issue by removing the compromised extensions from the store or updating them, according to ExtensionTotal's analysis. [...]
>
> It remains unclear whether all the compromised extensions are linked to the same threat actor. Security researchers warn that browser extensions "shouldn't be treated lightly," as they have deep access to browser data, including authenticated sessions and sensitive information. Extensions are also easy to update and often not subjected to the same scrutiny as traditional software. ExtensionTotal recommends that organizations use only pre-approved versions of extensions and ensure they remain unchanged and protected from malicious automatic updates. "Even when we trust the developer of an extension, it's crucial to remember that every version could be entirely different from the previous one," researchers said. "If the extension developer is compromised, the users are effectively compromised as well -- almost instantly."
[1] https://therecord.media/hackers-target-vpn-ai-extensions-google-chrome-malicious-updates
[2] https://www.extensiontotal.com/cyberhaven-incident-live
> Cybersecurity researchers have uncovered dozens of attacks that involve malicious updates for Chrome browser extensions, one week after a security firm was compromised in a similar incident. As of Wednesday, a total of 36 Chrome extensions injected with data-stealing code have been detected, [1]mostly related to artificial intelligence (AI) tools and virtual private networks (VPNs), according to [2]a report by ExtensionTotal, a platform that analyzes extensions listed on various marketplaces and public registries. These extensions, collectively used by roughly 2.6 million people, include third-party tools such as ChatGPT for Google Meet, Bard AI Chat, YesCaptcha Assistant, VPNCity and Internxt VPN. Some of the affected companies have already addressed the issue by removing the compromised extensions from the store or updating them, according to ExtensionTotal's analysis. [...]
>
> It remains unclear whether all the compromised extensions are linked to the same threat actor. Security researchers warn that browser extensions "shouldn't be treated lightly," as they have deep access to browser data, including authenticated sessions and sensitive information. Extensions are also easy to update and often not subjected to the same scrutiny as traditional software. ExtensionTotal recommends that organizations use only pre-approved versions of extensions and ensure they remain unchanged and protected from malicious automatic updates. "Even when we trust the developer of an extension, it's crucial to remember that every version could be entirely different from the previous one," researchers said. "If the extension developer is compromised, the users are effectively compromised as well -- almost instantly."
[1] https://therecord.media/hackers-target-vpn-ai-extensions-google-chrome-malicious-updates
[2] https://www.extensiontotal.com/cyberhaven-incident-live
Mostly very obvious scams, like Honey (Score:2)
by Sarusa ( 104047 )
Honey was a very obvious scam - I said years ago their business model must be exactly what they're now being accused of doing (like it's a surprise) - especially after they got bought by the scammers at Paypal. Even if it actually started legit, there was no way it was going to survive being legit at Paypal.
And most of these extensions are, like Honey, very obvious scams. If you're someone dumb enough to install something like 'TinaMeet', 'Vidnoz Flex', 'ChaptGPT for Google Meet', 'VPNCity' (sure, explicitl
vpn extension? (Score:2)
why the hell would you use a vpn extension?
Re: (Score:2)
> why the hell would you use a vpn extension?
There are plenty of people who don't understand VPNs. If you don't understand VPNs, you won't understand why or why not it would make any sense to have a browser extension doing VPN stuff.
Re: (Score:2)
I find it quite dubious that an extension can reliably prevent leaking.
Re: (Score:2)
People don't know any better. Has been like that for decades since dubious porn sites pushed their special ActiveX control for that warm spyware/adware/BHO experience.