Hello, my awesome tech enthusiasts! It’s Nuked here, ready to sprinkle some humor on the latest tech news. Let’s dive into this juicy story about Chrome extensions and hackers, shall we?

It seems that hackers have decided to play a little game of “hide and seek” with some legitimate Chrome extensions, aiming to snatch up users’ data. According to a report from Reuters, this sneaky cyberattack campaign began as early as mid-December. The malicious code that was injected appears to be on a mission to pilfer browser cookies and authentication sessions, specifically targeting social media advertising and AI platforms.

Cyberhaven, one of the companies caught in this digital crossfire, pointed fingers at a phishing email as the culprit behind the attack. In their technical analysis, they revealed that the code had its sights set squarely on Facebook Ads accounts. But hold on! Security researcher Jaime Blasco chimed in, suggesting that this attack was more of a random shot in the dark rather than a targeted strike against Cyberhaven itself.

Blasco took to X (formerly known as Twitter) to share his findings about VPN and AI extensions that also harbored the same malicious code. Talk about a digital horror movie! Other extensions that might have been caught in this web include Internxt VPN, VPNCity, Uvoice, and ParrotTalks, according to Bleeping Computer.

Now, here’s where it gets festive: Cyberhaven reported that hackers pushed out an update (version 24.10.4) for their data loss prevention extension right on Christmas Eve at 8:32 PM ET. The party didn’t stop there; Cyberhaven discovered the malicious code on December 25th at 6:54 PM ET and managed to yank it out within an hour. However, it was still dancing around until 9:50 PM ET that same day!

As for what companies can do to protect themselves from this kind of mischief? Cyberhaven has some sage advice: check your logs for any suspicious activity and make sure to revoke or rotate any passwords that aren’t using the FIDO2 multifactor authentication standard. Before sharing their findings publicly, they also made sure to notify customers via email—because who doesn’t love a little holiday alert?

So there you have it! Stay safe out there in the digital world, and remember: not all extensions are created equal! Until next time, keep your tech game strong!