Cyber: Credential-stealing Chrome Extensions Target Enterprise HR Platforms
Malicious Chrome extensions on the Chrome Web Store masquerading as productivity and security tools for enterprise HR and ERP platforms were discovered stealing authentication credentials or blocking management pages used to respond to security incidents.
The campaign was discovered by cybersecurity firm Socket, which says it identified five Chrome extensions targeting Workday, NetSuite, and SAP SuccessFactors, collectively installed more than 2,300 times.
"The extensions target the same enterprise platforms and share identical security tool detection lists, API endpoint patterns, and code structures, indicating a coordinated operation despite appearing as separate publishers."
The extensions were published under different names, but the researchers say they share identical infrastructure, code patterns, and targeting. Four were published under the developer name databycloud1104, while the fifth used different branding under the name Software Access.
While the extensions were installed only about 2,300 times in total, stolen enterprise HR and ERP credentials could fuel large-scale ransomware and data theft attacks.
Socket says the extensions were promoted to users of enterprise HR and ERP platforms, presenting themselves as tools designed to improve productivity, streamline workflows, or enhance security controls.
Several of the extensions claimed to offer simplified access to "premium tools" for Workday, NetSuite, and other platforms.
One of the more popular extensions, Data By Cloud 2, was installed 1,000 times and promoted as a dashboard offering bulk management tools and faster access for users managing multiple enterprise accounts.
Another extension, Tool Access 11, positioned itself as a security-focused add-on that would restrict access to sensitive administrative features. Its listing claimed the extension could limit user interactions with "special tools" to prevent account compromise.
Other extensions in the group used similar language about providing "access" to tools and services, requesting permissions that appeared consistent with enterprise integrations.
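The two traits Socket used to link the extensions, host access to the targeted HR/ERP platforms paired with permissions that can read sessions or block pages, and a permission profile repeated across supposedly unrelated publishers, can be turned into a quick triage over manifest.json files pulled from an extension allowlist review. The script below is an added example, not Socket's or BleepingComputer's tooling; the hostnames, permission sets and the three sample manifests are constructed for illustration and are not the real extensions' manifests.

```python
"""Triage Chrome extension manifests for the pattern described above: host
access to enterprise HR/ERP tenants combined with permissions that can read
sessions or block pages, and one permission/host profile reused across
differently named extensions. Added example, not Socket's tooling."""
import hashlib
import json

# Assumption: illustrative SaaS hostnames; the article names vendors, not hosts.
TARGET_HOST_KEYWORDS = ("myworkday.com", "netsuite.com", "successfactors.com")

# Permissions that let an extension read cookies/sessions, inject scripts,
# or block and rewrite requests (the "blocking management pages" behaviour).
HIGH_RISK_PERMISSIONS = {
    "cookies", "scripting", "webRequest", "webRequestBlocking",
    "declarativeNetRequest", "declarativeNetRequestWithHostAccess",
}
BLOCKING_PERMISSIONS = {
    "webRequest", "webRequestBlocking",
    "declarativeNetRequest", "declarativeNetRequestWithHostAccess",
}


def _hosts_from(manifest):
    """Collect every host pattern the extension asks for: MV3 host_permissions
    plus the match patterns of its content scripts."""
    hosts = set(manifest.get("host_permissions", []))
    for script in manifest.get("content_scripts", []):
        hosts.update(script.get("matches", []))
    return hosts


def triage_manifest(manifest):
    """Return findings for one manifest.json plus a fingerprint that ignores
    the extension's name and publisher, so clones surface as duplicates."""
    hosts = _hosts_from(manifest)
    permissions = set(manifest.get("permissions", []))
    targeted = sorted(h for h in hosts if any(k in h for k in TARGET_HOST_KEYWORDS))
    risky = sorted(permissions & HIGH_RISK_PERMISSIONS)
    findings = []
    if targeted:
        findings.append("targets enterprise HR/ERP hosts: " + ", ".join(targeted))
        if risky:
            findings.append("high-risk permissions on those hosts: " + ", ".join(risky))
        if permissions & BLOCKING_PERMISSIONS:
            findings.append("can block or rewrite pages on those hosts")
    if "<all_urls>" in hosts or "*://*/*" in hosts:
        findings.append("requests access to every site")
    # Fingerprint only the permission/host profile, not names or descriptions.
    profile = {"permissions": sorted(permissions), "hosts": sorted(hosts)}
    fingerprint = hashlib.sha256(
        json.dumps(profile, sort_keys=True).encode()).hexdigest()[:16]
    return {"name": manifest.get("name", "?"), "findings": findings,
            "fingerprint": fingerprint}


def cluster_by_fingerprint(manifests):
    """Group extensions whose permission/host profile is identical even though
    their names (and publishers) differ. Returns only clusters of size > 1."""
    clusters = {}
    for manifest in manifests:
        result = triage_manifest(manifest)
        clusters.setdefault(result["fingerprint"], []).append(result["name"])
    return {fp: names for fp, names in clusters.items() if len(names) > 1}


# Constructed sample manifests for the demo (not the real extensions' manifests).
SAMPLE_MANIFESTS = [
    {"name": "Cloud Data Helper", "manifest_version": 3,
     "permissions": ["cookies", "webRequest", "declarativeNetRequest", "scripting"],
     "host_permissions": ["*://*.myworkday.com/*", "*://*.netsuite.com/*"],
     "content_scripts": [{"matches": ["*://*.successfactors.com/*"], "js": ["c.js"]}]},
    {"name": "Premium Tool Access", "manifest_version": 3,  # other branding, same profile
     "permissions": ["scripting", "declarativeNetRequest", "cookies", "webRequest"],
     "host_permissions": ["*://*.netsuite.com/*", "*://*.myworkday.com/*"],
     "content_scripts": [{"matches": ["*://*.successfactors.com/*"], "js": ["x.js"]}]},
    {"name": "Sticky Notes", "manifest_version": 3,
     "permissions": ["storage"], "host_permissions": []},
]

if __name__ == "__main__":
    for m in SAMPLE_MANIFESTS:
        r = triage_manifest(m)
        print(f"{r['name']:<20} {r['fingerprint']}  {r['findings'] or 'no findings'}")
    print("shared profiles:", cluster_by_fingerprint(SAMPLE_MANIFESTS))
```

The fingerprint deliberately excludes the name, description and publisher, which is exactly what the operators varied, and keys only on the permission and host profile, which they did not. In a real review you would feed it the manifests of every extension installed in the fleet (Chrome's enterprise reporting or the extension directories on endpoints) and treat any cluster that also carries a "targets enterprise HR/ERP hosts" finding as a removal candidate pending a closer look at the code.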
Source: BleepingComputer