Malicious Chrome Extensions Exploit Business Platforms to Hijack User Accounts
WASHINGTON, D.C. — Cybersecurity researchers have uncovered a widespread campaign involving malicious Google Chrome extensions that steal login credentials from business users by impersonating popular enterprise platforms such as Workday, NetSuite, and SAP SuccessFactors. These extensions, disguised as productivity or security tools, quietly hijack user accounts and bypass security controls, posing a significant threat to organizations globally.
The threat was identified by the Threat Research Team at Socket, who discovered five distinct Chrome extensions linked to this operation. Marketed under professional-sounding names like DataByCloud AccessTool and Software Access, these add-ons presented polished dashboards and convincing business-oriented descriptions to lure users into installing them. Once installed, they capture login data and disable security features designed to protect accounts, often without any obvious warning signs.
Google responded promptly after being contacted by cybersecurity experts, removing the malicious extensions from the official Chrome Web Store. However, some of these dangerous add-ons remain available through third-party software download sites, continuing to expose users to risk. Experts advise anyone who finds extensions named DataByCloud AccessTool, Access 11, DataByCloud 1, DataByCloud 2, or Software Access installed in their browser to remove them immediately.
This incident highlights the ongoing challenge of securing digital work environments against sophisticated cyber threats that exploit trusted platforms. The Cybersecurity and Infrastructure Security Agency emphasizes vigilance in monitoring browser extensions and maintaining strict access controls to prevent unauthorized data access. Similarly, the Federal Bureau of Investigation’s Cyber Division has issued warnings about phishing and malware campaigns targeting enterprise credentials.
Business platforms like Workday, NetSuite, and SAP SuccessFactors are widely used for human resources, financial management, and enterprise resource planning, making them attractive targets for cybercriminals seeking to access sensitive corporate data. By masquerading as helpful tools that promise enhanced productivity or security, these malicious extensions exploit user trust to infiltrate organizational systems.
Users and IT administrators are urged to regularly audit installed browser extensions, verify their authenticity, and rely on official sources for software downloads. The United States Computer Emergency Readiness Team recommends implementing multi-factor authentication and continuous monitoring to mitigate the impact of credential theft.
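The audit recommended above can be scripted against the five extension names listed earlier in the article. The following is an added example, not code from Socket or Google: it assumes you point it at a Chrome profile's `Extensions` folder, which stores each extension as `<id>/<version>/manifest.json`, and it falls back to the `en` locale when a manifest declares none. `FLAGGED`, `display_name`, `audit` and `build_sample` are names made up for this sketch.

```python
import json
import tempfile
from pathlib import Path

# Extension names listed in the article, compared case-insensitively.
FLAGGED = {"databycloud accesstool", "access 11", "databycloud 1",
           "databycloud 2", "software access"}

def display_name(version_dir: Path) -> str:
    """Return the manifest name, resolving a __MSG_key__ placeholder if present."""
    manifest = json.loads((version_dir / "manifest.json").read_text(encoding="utf-8"))
    name = manifest.get("name", "")
    if name.startswith("__MSG_") and name.endswith("__"):
        path = version_dir / "_locales" / manifest.get("default_locale", "en") / "messages.json"
        try:
            messages = json.loads(path.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            return name  # keep the placeholder so the entry is still reported
        lowered = {k.lower(): v for k, v in messages.items()}  # keys are case-insensitive
        return lowered.get(name[6:-2].lower(), {}).get("message", name)
    return name

def audit(extensions_dir: Path) -> list:
    """Return (extension_id, name, flagged) per <id>/<version>/manifest.json."""
    results = []
    for manifest in sorted(extensions_dir.glob("*/*/manifest.json")):
        try:
            name = display_name(manifest.parent)
        except (OSError, ValueError, AttributeError):
            name = "<unreadable manifest>"
        flagged = name.strip().lower() in FLAGGED
        results.append((manifest.parent.parent.name, name, flagged))
    return results

def build_sample(root: Path) -> Path:
    """Constructed sample tree with made-up IDs, standing in for an Extensions folder."""
    ext = root / "Extensions"
    a, b = ext / ("a" * 32) / "1.0_0", ext / ("b" * 32) / "2.3_0"
    (a / "_locales" / "en").mkdir(parents=True)
    b.mkdir(parents=True)
    (a / "manifest.json").write_text('{"name": "__MSG_appName__", "default_locale": "en"}')
    (a / "_locales/en/messages.json").write_text('{"appName": {"message": "DataByCloud AccessTool"}}')
    (b / "manifest.json").write_text('{"name": "Notes Helper"}')
    return ext

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for ext_id, name, flagged in audit(build_sample(Path(tmp))):
            print("FLAGGED" if flagged else "ok", ext_id, name)
```

The match is on display name only, because the article gives names rather than extension IDs, so treat a hit as a prompt to inspect and remove the extension and review every unrecognized entry in the output as well.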
As cyber threats evolve, this episode serves as a stark reminder that even seemingly benign browser add-ons can harbor hidden dangers. Organizations must remain proactive in their cybersecurity strategies to safeguard critical business operations from such deceptive attacks.
