Security researchers have identified five malicious Chrome extensions designed to impersonate popular human resource (HR) and enterprise resource planning (ERP) platforms, including Workday, NetSuite, and SuccessFactors. These extensions facilitate serious security threats such as credential theft and session hijacking, which could compromise user accounts and sensitive information.
The research team at Socket discovered that these extensions could enable attackers to steal authentication tokens, block incident response efforts, and even allow for complete account takeovers. Although all five extensions were promptly removed from the Google Chrome Web Store, users who previously installed them may still face security risks until they fully uninstall the extensions and conduct thorough system scans.
The identified malicious extensions are:
– DataByCloud Access Tool
– Access 11
– DataByCloud 1
– DataByCloud 2
– Software Access
According to reports, these extensions accumulated a total of 2,739 downloads, indicating a limited yet concerning reach. Despite their removal from the official store, the extensions remain available on third-party download sites such as Softonic, although Softonic's site was unavailable for verification as of the latest checks.
Users of Workday, NetSuite, and SuccessFactors should remain vigilant. These platforms are commonly utilized by medium to large organizations for essential functions like HR, finance, payroll, and operations. A successful account takeover in these environments could lead to extensive cyberattacks, potentially resulting in millions of dollars in damages and affecting thousands of individuals.
“The combination of continuous credential theft, administrative interface blocking, and session hijacking creates a scenario where security teams can detect unauthorized access but cannot remediate through normal channels,” Socket explained in their findings. This highlights the complexities security teams might face when addressing these threats.
The implications of these breaches extend beyond immediate security concerns. Some of the extensions were reportedly published over four years ago, raising alarms about the longevity of such threats and the need for continuous vigilance against evolving cyber risks.
As the digital landscape continues to expand, users are urged to critically assess the browser extensions they install. Regular updates and security checks can help mitigate risks associated with malicious software. Cybersecurity remains a shared responsibility, and being proactive is essential in protecting sensitive information from exploitation.
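For teams checking whether any of the five extensions named above is still installed, the following is an added example, not code from Socket or the original report: a Python audit of a Chrome profile's Extensions directory that resolves localized manifest names before matching. The report gives no extension IDs, so matching on display name, and the assumption that the manifest name equals the store listing name, are this example's own.

```python
import json
import sys
from pathlib import Path

# Names as listed in the article; extension IDs are not given there, so this
# audit matches on display name only (assumption: manifest name == store name).
FLAGGED_NAMES = {
    "databycloud access tool", "access 11", "databycloud 1",
    "databycloud 2", "software access",
}

def _load_json(path):
    try:
        # utf-8-sig tolerates the BOM some manifests ship with
        return json.loads(path.read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):
        return None

def display_name(version_dir, manifest):
    """Resolve the manifest name, following __MSG_key__ localisation."""
    name = str(manifest.get("name", ""))
    if name.startswith("__MSG_") and name.endswith("__"):
        key = name[6:-2].lower()
        locale = manifest.get("default_locale", "en")
        messages = _load_json(version_dir / "_locales" / locale / "messages.json") or {}
        for k, v in messages.items():  # message keys are case-insensitive
            if k.lower() == key and isinstance(v, dict):
                return str(v.get("message", name))
    return name

def find_flagged_extensions(extensions_root):
    """Return sorted (extension_id, version, name) for flagged names."""
    hits = []
    for manifest_path in Path(extensions_root).glob("*/*/manifest.json"):
        manifest = _load_json(manifest_path)
        if not isinstance(manifest, dict):
            continue  # unreadable or malformed manifest: skip, do not crash
        version_dir = manifest_path.parent
        name = display_name(version_dir, manifest)
        if name.strip().casefold() in FLAGGED_NAMES:
            hits.append((version_dir.parent.name, version_dir.name, name))
    return sorted(hits)

if __name__ == "__main__":
    # Pass the profile's Extensions directory, e.g. on Linux:
    #   ~/.config/google-chrome/Default/Extensions
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for ext_id, version, name in find_flagged_extensions(root):
        print(f"FLAGGED {name!r} id={ext_id} version={version}")
```

A hit on a generic name such as "Access 11" or "Software Access" should be confirmed against the extension's publisher and permissions before removal, and every Chrome profile on the machine has its own Extensions directory to check.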