The founder of AabyssTeam issued a security alert on X, Cyberhaven security company was attacked by phishing emails, resulting in malicious code implanted in the browser plug-in released by it, trying to read the browser cookies and passwords of uploaded users. Subsequent analysis of the code found that multiple browser plug-ins were attacked, including Proxy SwitchyOmega (V3), etc. These plug-ins affected 500,000 users in the Google Store and have been followed.
SlowMist founder Cosine forwarded his warning and said that this kind of attack uses the OAuth2 attack chain to obtain the "extension publishing permission" of the developer of the "target browser extension" and release the plug-in extension update with a backdoor. Every time you start the browser or reopen the extension, the update may be automatically triggered, and the backdoor implant is difficult to detect. Remind wallet extension publishers not to be careless.
Warning: The browser plug-in released by Cyberhaven was implanted with malicious code, and various plug-ins were attacked
2025-01-12 13:16:40
Aabyssteam founder people release security warning cyberhaven security companydesk3cryptocurrencydesktopCrypto News
Disclaimer:
1. The information provided does not constitute investment advice. Investors should make independent decisions and bear all risks themselves.
2. The copyright of this content belongs to the original author. The views expressed herein are solely those of the author and do not represent the stance or position of this website.
Previous article:
预警:Cyberhaven发布的浏览器插件被植入恶意代码,多种插件均被攻击Next article:
Base链上出现名为“NUDEAI”与“MAGA”的欺诈代币