One after another, suspicious Chrome add-ons began appearing under false pretenses – each masquerading as helpful utilities. These were pulled from public view only after Socket, a cybersecurity group, traced them back to a single pattern of abuse. Instead of boosting efficiency, they harvested data from corporate systems like Workday, NetSuite, and SAP SuccessFactors. Installation counts climbed past 2,300 across five distinct apps before takedown. Behind the scenes, threat actors leveraged legitimate-looking interfaces to gain access where it mattered most.
One investigation found that certain browser add-ons aimed to breach corporate systems, either by capturing login details or disrupting protective measures. Though appearing under distinct titles and author profiles, these tools carried matching coding patterns, operational frameworks, and selection methods – pointing to coordination behind their release. A person using the handle databycloud1104 was linked to four of them; another version emerged through a separate label called Software Access.
Appearing alongside standard business applications, these extensions asked for permissions typical of corporate tools. One moment they promised better control over company accounts, the next they emphasized locking down admin functions. Positioned as productivity aids, several highlighted dashboard interfaces meant to streamline operations across teams. Instead of standing out, their behavior mirrored genuine enterprise solutions. Claimi
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: