Several Chrome Extensions Compromised in Supply Chain Attack

Malicious versions of Cyberhaven and other Chrome extensions were published to the Google Chrome Web Store as part of a supply chain attack likely targeting Facebook advertising users.

The extension of data security firm Cyberhaven was compromised after an employee fell victim to a phishing attack and authorized a malicious OAuth application called ‘Privacy Policy Extension’ to Cyberhaven’s Chrome Web Store account.

Purporting to come from the Chrome Web Store, the phishing message was sent to the registered support email, claiming that the extension’s description contained excessive keywords and that it would be removed from the store.

After clicking on the link in the message, the employee was taken through the standard Google authorization process and they inadvertently gave the malicious third-party application permissions to access the developer account.

“The employee had Google Advanced Protection enabled and had MFA covering his account. The employee did not receive a ...