- Socket found five malicious Chrome extensions spoofing HR/ERP platforms
- Extensions enabled credential theft, session hijacking, and incident response blocking
- Removed from the Chrome Store, but still on third-party sites
If you use Workday, NetSuite, or SuccessFactors at work, you may want to be careful about which browser extensions or add-ons you have installed, as you may have inadvertently installed malware.
Security researchers at Socket have warned of the discovery of five Chrome extensions spoofing popular human resources (HR) software and enterprise resource planning (ERP) platforms.
The plugins are designed to steal authentication tokens, block incident response capabilities, or grant complete account control via session hijacking, the researchers explained.
Thousands of victims
Here is the full list of malicious extensions:
- DataByCloud access
- Access to tools 11
- DataByCloud 1
- DataByCloud 2
- Access to the software
By the time the news hit the web, all five had already been removed from the Google Chrome Web Store. Still, users who installed them before won’t be entirely safe until they uninstall the plugins and run a deep scan to see if the infection has been cleaned.
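To check a Chrome profile for the extensions listed above, the following added example (not code from Socket or from this article) scans a profile's `Extensions` directory and matches each manifest's display name against that list, resolving localized `__MSG_...__` names. It assumes the standard `Extensions/<id>/<version>/manifest.json` layout and uses the names exactly as the article gives them, since no extension IDs are listed here; the IDs in `demo()` are constructed.

```python
import json
import tempfile
from pathlib import Path

# Names as listed in the article (it gives no extension IDs), lowercased.
FLAGGED = {"databycloud access", "access to tools 11", "databycloud 1",
           "databycloud 2", "access to the software"}

def load_json(path):
    """Parse a JSON file; return {} if it is missing or corrupt."""
    try:
        return json.loads(path.read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):
        return {}

def display_name(version_dir, manifest):
    """Resolve the manifest name, following __MSG_key__ into _locales."""
    name = manifest.get("name", "")
    if name.startswith("__MSG_") and name.endswith("__"):
        locale = manifest.get("default_locale", "en")
        msgs = load_json(version_dir / "_locales" / locale / "messages.json")
        for key, entry in msgs.items():
            if key.lower() == name[6:-2].lower():  # keys are case-insensitive
                return entry.get("message", name)
    return name

def find_flagged(extensions_root):
    """Scan <profile>/Extensions/<id>/<version>/manifest.json for flagged names."""
    hits = []
    for mf in sorted(Path(extensions_root).glob("*/*/manifest.json")):
        name = display_name(mf.parent, load_json(mf))
        if name.strip().lower() in FLAGGED:
            hits.append((mf.parent.parent.name, name))
    return hits

def demo():
    """Scan a constructed Extensions tree (made-up IDs, not real ones)."""
    root = Path(tempfile.mkdtemp())
    def add(ext_id, manifest, messages):
        locale_dir = root / ext_id / "1.0_0" / "_locales" / "en"
        locale_dir.mkdir(parents=True)
        (locale_dir.parents[1] / "manifest.json").write_text(json.dumps(manifest))
        (locale_dir / "messages.json").write_text(json.dumps(messages))
    add("a" * 32, {"name": "DataByCloud 2"}, {})
    add("b" * 32, {"name": "__MSG_appName__", "default_locale": "en"},
        {"appname": {"message": "Access to tools 11"}})
    add("c" * 32, {"name": "Unrelated Notes"}, {})
    return find_flagged(root)

if __name__ == "__main__":
    print(demo())
```

A name match is only a lead: an extension that was renamed between versions will not match, so treat an empty result as inconclusive rather than clean.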
Furthermore, Hacker News reports that the plugins are still available on third-party software download sites such as Softonic, but we were unable to independently verify these claims since Softonic’s site appeared to be offline at the time of publication.
In total, these five add-ons were downloaded 2,739 times, suggesting that the campaign was not particularly effective.
Yet Workday, NetSuite, and SuccessFactors are typically used by medium to large organizations, including enterprises and multinationals, for HR, finance, payroll, and operations teams. A complete account hijacking at just one of these organizations can turn into a large-scale cyberattack resulting in millions of dollars in damages and thousands of people affected.
To make matters even worse, some of the removed extensions were first released over four years ago.
“The combination of continued credential theft, administrative interface blocking, and session hijacking creates a scenario where security teams can detect unauthorized access but cannot remediate it through normal channels,” Socket said.