Malicious Extensions Steal Logins
Cybersecurity experts found five malicious Chrome extensions. These fake add-ons pose as helpers for work tools and target users of popular business platforms such as HR and ERP systems, tricking them into installing the extensions.
The extensions promise premium access. For example, they claim to simplify tasks on these platforms. However, they actually steal login details. Attackers use them to take over accounts completely.
The Five Dangerous Extensions
Researchers listed the problematic add-ons. One is called DataByCloud Access, with over 250 installs. Another is Tool Access 11, with about 100 installs. DataByCloud 1 and DataByCloud 2 each reached 1,000 installs. Finally, Software Access had fewer installs but stayed active longer.
Most got removed from the official store. Still, some linger on third-party download sites. Users should avoid those sources. Moreover, the extensions come from similar publishers, showing a linked attack.
How They Steal Your Login Details
These extensions grab authentication cookies and send them to attacker servers every minute. Because a valid session cookie lets its holder act as the logged-in user, attackers get ongoing access without passwords. Additionally, they hide their traffic with encryption.
Some extensions block security pages. For instance, one stops access to 44 admin screens: it erases the page content and redirects the user to the wrong page. Another blocks even more, including password changes and 2FA setup. This prevents quick fixes during an attack.
Advanced Tricks to Hide and Hijack
One extension disables the browser's developer tools, which prevents users or experts from inspecting its code. Furthermore, all five watch for security add-ons. They flag tools like cookie editors or header modifiers.
This helps attackers stay hidden. If such tools are present, the attackers know the risk of detection is higher and can adjust their methods. The most sophisticated extension receives stolen cookies, then injects them into the attacker’s browser for direct account takeover.
Why This Attack Works Together
The extensions team up cleverly. Some steal cookies while others block defenses. One handles full hijacking. As a result, security teams spot issues but cannot respond easily. The campaign has run for years with updates.
Installs total over 2,300 across the group. Attackers use fake productivity claims. They target busy workers who need fast access. However, this leads to big risks like data theft or fraud.
Companies rely on these platforms daily. A takeover exposes sensitive HR data. It also risks financial records. Moreover, attackers block incident response. This delays cleanup and worsens damage.
Users face personal threats too. Stolen sessions mean lost control. Therefore, quick action matters. Experts warn about third-party sites still hosting these files.
How to Prevent These Malicious Extensions
You can protect yourself with strong habits. First, only install extensions from the official Chrome Web Store, and check reviews carefully. In managed environments, enable enterprise policies that restrict installs or allow-list approved add-ons only. Second, use advanced endpoint protection that scans browser extensions in real time and blocks suspicious permissions or network connections to unknown domains. Regularly review installed extensions and remove anything unfamiliar. Combine these measures with user training on safe downloading. These steps cut risks sharply and keep logins secure.
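One way to carry out the regular review described above, as an added example that is not from the researchers or any vendor: it walks a Chrome profile's Extensions directory, skips allow-listed IDs, and flags manifest permissions that the behaviours in this article would plausibly need. The permission-to-behaviour mapping is a heuristic assumed for this example, and the extension IDs and manifests in demo() are constructed.

```python
import json
import tempfile
from pathlib import Path

# Heuristic (this example's assumption): permissions the described behaviours need.
RISKY = {
    "cookies": "can read session cookies",
    "management": "can list other installed extensions",
    "declarativeNetRequest": "can block or redirect requests",
    "webRequest": "can observe or intercept requests",
}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def audit_manifest(manifest):
    """Return findings for one parsed manifest.json (MV2 or MV3)."""
    perms = set()
    for key in ("permissions", "optional_permissions", "host_permissions"):
        perms.update(p for p in manifest.get(key, []) if isinstance(p, str))
    findings = [f"{p}: {why}" for p, why in RISKY.items() if p in perms]
    if perms & BROAD_HOSTS:
        findings.append("broad host access: applies to every site")
    return findings


def audit_profile(extensions_dir, allowlist):
    """Report each non-allow-listed <id>/<version>/manifest.json under the dir."""
    report = {}
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        ext_id = path.parts[-3]
        if ext_id not in allowlist:
            manifest = json.loads(path.read_text(encoding="utf-8"))
            report[ext_id] = audit_manifest(manifest)
    return report


def demo():
    """Audit two constructed manifests; the 32-letter IDs are placeholders."""
    samples = {
        "a" * 32: {"manifest_version": 3, "permissions": ["storage"]},
        "b" * 32: {"manifest_version": 3, "host_permissions": ["<all_urls>"],
                   "permissions": ["cookies", "management", "declarativeNetRequest"]},
    }
    with tempfile.TemporaryDirectory() as root:
        for ext_id, manifest in samples.items():
            target = Path(root, ext_id, "1.0_0")
            target.mkdir(parents=True)
            (target / "manifest.json").write_text(json.dumps(manifest))
        return audit_profile(root, allowlist={"a" * 32})
```

Calling demo() returns findings only for the extension that is not allow-listed. A flagged permission is a prompt for manual review, not proof of malice, since legitimate extensions request these permissions too.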

