Cyberhaven Phishing On Christmas Eve, Chrome Extensions Infiltrated

This is the Cyberhaven logo. (Doc. Cyberhaven)

JAKARTA - Cyberhaven cybersecurity firm acknowledged a dangerous attack, which occurred on Christmas Eve, affecting the company's Chrome extension.

However, Cyberhaven President Director Howard Ting said they could stop the attack quickly.

Based on a publicly posted transparency report, a phishing attack occurred on December 24, in which the credentials of Cyberhaven employees used to access the Google Chrome Web Store have been compromised, so attackers can upload malicious versions of their extensions.

Our team has confirmed a malicious cyberattack that occurred on Christmas Eve, affecting Cyberhaven's Chrome extension. Here's our post about the incident and the steps we're taking: https://t.co/VTBC73eWda

Our security team is available 24/7 to assist affected customers and…

— Cyberhaven (@CyberhavenInc) December 27, 2024

Our team has confirmed a malicious cyberattack that occurred on Christmas Eve, affecting Cyberhaven's Chrome extension. Here's our post about the incident and the steps we're taking: https://t.co/VTBC73eWda

Our security team is available 24/7 to assisted customers and...

Then, the Cyberhaven security team detected this infiltration at 23:54 UTC on December 25 (or about 06:54 WIB the next day) and managed to remove the dangerous package within 60 minutes.

This incident has limited coverage and duration, and affects only the 24.10.4 version of Cyberhaven' Chrome extension. Meanwhile, the impact was only felt by Chrome-based browser users who made automatic updates during that period.

For browsers running compromised extensions, the malicious code may steal cookies and authentication session data from certain sites.

Despite the ongoing investigation, Cyberhaven has taken swift action that has limited the impact further from this incident.

"We have started a thorough review of our security practices and will apply additional protection," Howard said.

"We will continue to provide the latest information to customers and support you in any way possible to reduce the impact of this incident," he concluded.