Find notable cyber news and cases, enriched with sources, timelines, and signals.

Malicious Chrome extensions hijack Workday, NetSuite, and SuccessFactors sessions

Malware Activity
First reported
Last updated
Happening score
H score 20
2 unique sources, 2 articles

Summary

Hide ▲

Five malicious Google Chrome extensions are impersonating Workday, NetSuite, and SuccessFactors to steal credentials and hijack victim sessions, creating immediate account takeover risk. The extensions steal authentication tokens, block security and incident-response pages, and can inject stolen cookies to take control of accounts. Most of the add-ons were removed from the Chrome Web Store, but some remain available on third-party download sites. Two of the extensions were first published in August 2021, showing the operation has persisted over time.

Related Happenings

Search for perplexity ai malicious Chrome extension

Malware Activity
H score29 First: 29.06.2026 21:40 Last: 29.06.2026 21:40 Sources 1

About this happening: A malicious **Chrome extension** named **Search for perplexity ai** impersonated **Perplexity AI** while **intercepting search traffic** and collecting **browsing information** th...

StegoAd malicious Edge extension operation

Malware Activity
H score19 First: 29.06.2026 11:32 Last: 29.06.2026 11:32 Sources 1

About this happening: The **StegoAd** operation was removed from the **Edge Add-ons store** after hiding payloads in images and fonts, stealing credentials, and driving **ad fraud** across installs tha...

Dormant remote-controlled JavaScript injection path in Adblock for YouTube Chrome extension

Technical Analysis
H score23 First: 25.06.2026 17:12 Last: 25.06.2026 17:12 Sources 1

About this happening: A **Chrome extension** with **10 million+ installs** was found to carry a **dormant script-injection path**, raising the risk of **arbitrary JavaScript execution** across visited...

Chrome extension PUP distribution network with fake organic traffic

Malware Activity
H score18 First: 15.06.2026 14:07 Last: 15.06.2026 14:07 Sources 1

About this happening: A network of **152 Google Chrome extensions** is distributing a **potentially unwanted program (PUP) family** through new-tab live-wallpaper add-ons, creating a broad browser-base...

Google Chrome DBSC rolls out session-cookie theft protection for all users

Security Tool/Service
H score10 First: 29.05.2026 15:08 Last: 29.05.2026 15:08 Sources 1

About this happening: Google's **Chrome Device Bound Session Credentials (DBSC)** is now **generally available** and rolling out to **all users**, reducing the risk of **account takeovers** from stolen...

Timeline

  1. 16.01.2026 16:09 1 articles · 5mo ago

    Malicious DataByCloud 1 and DataByCloud 2 first published

    Campaign Scope Update

    Malicious Google Chrome extensions DataByCloud 1 and DataByCloud 2 were first published on August 18, 2021 as part of an extension set that impersonates Workday, NetSuite, and SuccessFactors tools to harvest authentication data and support account takeover.

    Show sources
  2. 16.01.2026 16:09 2 articles · 5mo ago

    Researchers disclose five malicious Chrome extensions impersonating Workday and NetSuite

    Initial Disclosure

    Researchers identified five malicious Google Chrome extensions masquerading as Workday, NetSuite, and SuccessFactors tools to steal authentication cookies and tokens, block security administration pages, and enable session hijacking for complete account takeover; most were removed from the Chrome Web Store, while some remained on third-party download sites such as Softonic.

    Show sources