Five Malicious Chrome Extensions Impersonate Workday and NetSuite to Hijack Accounts

Cybersecurity researchers have uncovered five malicious Google Chrome extensions impersonating HR and ERP platforms like Workday and NetSuite to hijack user sessions and steal authentication tokens. Although most have been removed from the Chrome Web Store, they are still accessible on third-party sites and pose a significant threat to victim accounts. #DataByCloud #SuccessFactors

Key points

  • Five malicious Chrome extensions impersonate enterprise platforms to hijack accounts and steal cookies.
  • Most extensions have been removed from the Chrome Web Store but remain available on third-party sites.
  • The extensions perform DOM manipulation to block security pages and facilitate session hijacking.
  • They exfiltrate authentication cookies every 60 seconds to a remote server controlled by attackers.
  • The attacker’s toolkit includes security-related Chrome extensions to monitor and counteract detection efforts.
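
A triage check for the behaviour listed above, as an added example that is not code from the article or the researchers: it flags an extension manifest that combines the `cookies` permission, or content scripts (DOM access), with host access to the impersonated platforms. The watch-list domains, finding labels and both sample manifests are assumptions constructed for illustration.

```python
import json

# Assumed watch list: public domains of the platforms named in the article.
WATCHED = ("workday.com", "myworkday.com", "netsuite.com")
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def covers_watched(pattern: str) -> bool:
    """True if a Chrome match pattern can apply to a watched domain."""
    if pattern in BROAD:
        return True
    if "://" not in pattern:
        return False  # an API permission name such as "cookies", not a host
    host = pattern.split("://", 1)[1].split("/", 1)[0].lower()
    if host == "*":
        return True
    host = host[2:] if host.startswith("*.") else host
    return any(host == d or host.endswith("." + d) or d.endswith("." + host)
               for d in WATCHED)

def audit_manifest(manifest: dict) -> list:
    """Return finding labels for one parsed manifest.json (MV2 or MV3)."""
    perms = [p for key in ("permissions", "optional_permissions")
             for p in manifest.get(key, []) if isinstance(p, str)]
    # MV2 mixes host patterns into "permissions"; MV3 uses host_permissions.
    hosts = perms + manifest.get("host_permissions", []) \
                  + manifest.get("optional_host_permissions", [])
    findings = []
    if "cookies" in perms and any(covers_watched(h) for h in hosts):
        findings.append("cookie-access")  # can read session cookies there
    if any(covers_watched(m) for cs in manifest.get("content_scripts", [])
           for m in cs.get("matches", [])):
        findings.append("dom-access")     # can rewrite or hide page content
    return findings

# Constructed sample manifests (not taken from any real extension).
SUSPECT = json.loads("""{"manifest_version": 3, "name": "sample-a",
  "permissions": ["cookies", "alarms"],
  "host_permissions": ["*://*.myworkday.com/*", "*://*.netsuite.com/*"],
  "content_scripts": [{"matches": ["*://*.myworkday.com/*"], "js": ["c.js"]}]}""")
BENIGN = json.loads("""{"manifest_version": 3, "name": "sample-b",
  "permissions": ["storage"], "host_permissions": ["https://example.org/*"],
  "content_scripts": [{"matches": ["https://example.org/*"], "js": ["c.js"]}]}""")

if __name__ == "__main__":
    for m in (SUSPECT, BENIGN):
        print(m["name"], audit_manifest(m))
```

A hit is a reason to review the extension, not proof of malice, since legitimate extensions can request the same access.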

Read More: https://thehackernews.com/2026/01/five-malicious-chrome-extensions.html