Security Alert: The browser extension released by Cyberhaven has been implanted with malicious code, and multiple extensions have been attacked

2025-01-12 21:15:51

ChainCatcher news: the founder of AabyssTeam issued a security warning on X, stating that the security company Cyberhaven was hit by a phishing email attack, which resulted in malicious code being implanted in the browser extension it publishes; the code attempts to read and upload users' browser cookies and passwords. Subsequent code analysis revealed that multiple browser extensions were attacked, including Proxy SwitchyOmega (V3), affecting five hundred thousand users in the Google Store, which is currently under scrutiny.

Yu Xian, the founder of SlowMist, forwarded the warning and stated that this type of attack uses an OAuth2 attack chain: after obtaining the "extension publishing rights" of the target browser extension's developer, the attacker publishes an extension update containing a backdoor. The update may be triggered automatically each time the browser is launched or the extension is reopened, making the backdoor implantation difficult to detect. He reminded wallet extension developers not to be careless.
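
One way to make such silent updates visible, as an added example that is not part of the original report: record each installed extension's version and declared permissions, then diff later snapshots against that baseline. It assumes Chrome's on-disk layout `Extensions/<id>/<version>_0/manifest.json`; the extension id and manifests used in `demo()` are constructed.

```python
import json
import tempfile
from pathlib import Path

def _vkey(version):
    # Compare versions numerically so that 1.10.0 sorts above 1.9.0.
    return tuple(int(p) for p in version.split(".") if p.isdigit())

def snapshot(ext_root):
    """Map extension id -> version and declared permissions of its newest copy."""
    state = {}
    for manifest in Path(ext_root).glob("*/*/manifest.json"):
        data = json.loads(manifest.read_text(encoding="utf-8"))
        ext_id, version = manifest.parent.parent.name, str(data.get("version", "0"))
        if ext_id in state and _vkey(version) <= _vkey(state[ext_id]["version"]):
            continue
        perms = {p for k in ("permissions", "host_permissions") for p in data.get(k, []) if isinstance(p, str)}
        state[ext_id] = {"version": version, "permissions": sorted(perms)}
    return state

def diff(baseline, current):
    """Report extensions that appeared, changed version, or gained permissions."""
    findings = []
    for ext_id, now in sorted(current.items()):
        old = baseline.get(ext_id)
        if old is None:
            findings.append((ext_id, "new-extension", now["version"]))
            continue
        if now["version"] != old["version"]:
            findings.append((ext_id, "version-changed", f"{old['version']} -> {now['version']}"))
        added = sorted(set(now["permissions"]) - set(old["permissions"]))
        if added:
            findings.append((ext_id, "permissions-added", ", ".join(added)))
    return findings

def _write(root, ext_id, version, perms):
    folder = Path(root) / ext_id / f"{version}_0"
    folder.mkdir(parents=True)
    (folder / "manifest.json").write_text(json.dumps({"version": version, "permissions": perms}), encoding="utf-8")

def demo():
    ext_id = "a" * 32  # constructed placeholder id, not a real extension
    with tempfile.TemporaryDirectory() as root:
        _write(root, ext_id, "1.9.0", ["storage"])
        baseline = snapshot(root)
        _write(root, ext_id, "1.10.0", ["storage", "cookies"])  # simulated auto-update
        return diff(baseline, snapshot(root))

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

A backdoored update does not have to request new permissions, so treat an unexpected version change as the primary signal and the permission diff as supporting evidence.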
