BlockBeats News, January 12th, AabyssTeam founder X issued a security alert. The security company Cyberhaven was targeted in a phishing email attack, which led to the distribution of a browser extension containing malicious code designed to extract users' browser cookies and passwords. Subsequent code analysis revealed that multiple browser extensions were compromised, including Proxy SwitchyOmega (V3), impacting half a million users on the Chrome Web Store, currently under scrutiny.
SlowMist founder Cosmos retweeted the alert, indicating that this attack leveraged an OAuth2 attack chain. By obtaining the "extension publishing permission" of the "target browser extension" developer, the attackers released extension updates containing backdoors. Each browser launch or extension reopening may automatically trigger the update, making the backdoor implantation difficult to detect. Wallet extension developers are reminded not to be complacent.