Cybersecurity

Cyber: Five Malicious Chrome Extensions Impersonate Workday And Netsuite...

2026-01-16 0 views admin
Cyber: Five Malicious Chrome Extensions Impersonate Workday And Netsuite...

Cybersecurity researchers have discovered five new malicious Google Chrome web browser extensions that masquerade as human resources (HR) and enterprise resource planning (ERP) platforms like Workday, NetSuite, and SuccessFactors to take control of victim accounts.

"The extensions work in concert to steal authentication tokens, block incident response capabilities, and enable complete account takeover through session hijacking," Socket security researcher Kush Pandya said in a Thursday report.

All of them, with the exception of Software Access, have been removed from the Chrome Web Store as of writing. That said, they are still available on third-party software download sites such as Softonic. The add-ons are advertised as productivity tools that offer access to premium tools for different platforms, including Workday, NetSuite, and other platforms.. Two of the extensions, DataByCloud 1 and DataByCloud 2, were first published on August 18, 2021.

"Tool Access 11 (v1.4) prevents access to 44 administrative pages within Workday by erasing page content and redirecting to malformed URLs," Pandya explained. "This extension blocks authentication management, security proxy configuration, IP range management, and session control interfaces."

This is achieved by DOM manipulation, with the extension maintaining a list of page titles that's constantly monitored. Data By Cloud 2 expands the blocking feature to 56 pages, adding crucial functions like password changes, account deactivation, 2FA device management, and security audit log access. It's designed to target both production environments and Workday's sandbox testing environment at "workdaysuv[.]com."

Chrome users who have installed any of the aforementioned add-ons are advised to remove them from their browsers, perform password resets, and review for any signs of unauthorized access from unfamiliar IP addresses or devices.

"The combination of continuous credential theft, administrative interface blocking, and session hijacking creates a scenario where security teams can detect unauthorized access but cannot remediate through normal channels," Socket said.

Source: The Hacker News

🏷️ Tags

cybersecuritysecurity

More from Cybersecurity

Cyber: Verizon Starts Issuing $20 Credits After Nationwide Outage 2026

Cyber: Verizon Starts Issuing $20 Credits After Nationwide Outage 2026

2026-01-16 0
Cyber: Cisos Rise To Prominence: Security Leaders Join The Executive Suite

Cyber: Cisos Rise To Prominence: Security Leaders Join The Executive Suite

2026-01-16 0
Cyber: Ai System Reduces Attack Reconstruction Time From Weeks To Hours

Cyber: Ai System Reduces Attack Reconstruction Time From Weeks To Hours

2026-01-16 0
Cyber: Microsoft: Windows 11 Update Causes Outlook Freezes For Pop Users

Cyber: Microsoft: Windows 11 Update Causes Outlook Freezes For Pop Users

2026-01-16 0

Trending

1

Tech: Go-legacy-winxp: Compile Golang 1.24 code for Windows XP

2026-01-15 • 4457 views
2

Tech: Data is the only moat

2026-01-15 • 4133 views
3

Tech: Pocket TTS: A high quality TTS that gives your CPU a voice

2026-01-15 • 3239 views
4

Tech: AWS European Sovereign Cloud

2026-01-15 • 2741 views
5

Tech: JuiceFS is a distributed POSIX file system built on top of Redis and S3

2026-01-15 • 2719 views