- Socket found five malicious Chrome extensions spoofing HR/ERP platforms
- Extensions enabled credential theft, session hijacking, and blocked incident response
- Removed from Chrome Store, but still on third-party sites
If you are using Workday, NetSuite, or SuccessFactors at work, you might want to pay attention to the browser extensions or add-ons you have installed, because you may have inadvertently installed malware.
Security researchers Socket have warned of discovering five Chrome extensions, spoofing popular human resource (HR) software and enterprise resource planning (ERP) platforms.
The plugins are designed to steal authentication tokens, block incident response capabilities, or grant full account takeover via session hijacking, the researchers explained.
Thousands of victims
Here is the full list of malicious extensions:
DataByCloud Access
Tool Access 11
DataByCloud 1
DataByCloud 2
Software Access
By the time the news hit the web, all five were already removed from the Google Chrome Web Store. Still, users who installed them before won’t be entirely secure until they uninstall the plugins and run a thorough scan to see if the infection had been cleaned.
Furthermore, The Hacker News reports that the plugins are still available on third-party software download sites such as Softonic, but we couldn’t independently verify these claims since Softonic’s site seemed to be offline at press time.
Cumulatively, these five add-ons were downloaded 2,739 times, which suggests the campaign was not particularly effective.
Still, Workday, NetSuite, and SuccessFactors are usually used by medium to large organizations, including enterprises and multinational firms, for HR, finance, payroll, and operations teams. A full account takeover in just one such organization can turn into a large-scale cyberattack with millions of dollars of damages and thousands of affected individuals.
To make matters even worse, some of the extensions taken down were first published more than four years ago.
“The combination of continuous credential theft, administrative interface blocking, and session hijacking creates a scenario where security teams can detect unauthorized access but cannot remediate through normal channels,” Socket said.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
https://cdn.mos.cms.futurecdn.net/BgzYhZaoBuNXqTVhd2pjK-1000-80.jpg
Source link
