Introduction
Cybersecurity researchers have identified five new malicious Google Chrome web browser extensions that masquerade as human resources (HR) and enterprise resource planning (ERP) platforms such as Workday, NetSuite, and SuccessFactors. These extensions work in tandem to steal authentication tokens, block incident response capabilities, and enable full account takeover.
How the Extensions Operate
The malicious extensions impersonate trusted platforms by mimicking their user interfaces and functionalities. When users log into these platforms through the compromised Chrome extension, attackers gain unauthorized access to sensitive data and operational controls.
Threat Impact
- Stealing Authentication Tokens: By stealing authentication tokens, attackers can bypass normal login procedures and gain access to user accounts without knowing the original passwords.
- Blocking Incident Response Capabilities: The extensions disable critical incident response mechanisms, allowing attackers to remain undetected for extended periods.
- Complete Account Takeover: Once attackers have full control of the victim's account, they can perform various malicious activities such as transferring funds, altering data, or even selling the stolen credentials on the dark web.
Criticality and Mitigation
The criticality of this threat is rated at 7 out of 10. The extensions pose a significant risk to organizations that rely on these platforms for managing HR and business operations. To mitigate this risk, users should:
- Update their browsers and extensions regularly.
- Suspect any unfamiliar or suspicious websites or applications.
- Use strong, unique passwords and enable two-factor authentication where available.
Conclusion
The discovery of these malicious Chrome extensions highlights the importance of vigilance in the digital workplace. Organizations must remain vigilant and take proactive measures to protect their sensitive data and operational control from such cyber threats.