Warning: Cyberhaven's browser plug-ins were implanted with malicious code, and multiple plug-ins were attacked

AabyssTeam founder Yu X issued a security warning that Cyberhaven security company was attacked by a phishing email, which led to the implantation of malicious code in the browser extension it released, attempting to read the browser cookies and passwords uploaded by users. Subsequent analysis of the code found that multiple browser extensions were attacked, including Proxy SwitchyOmega (V3), which affected 500,000 users on the Google Store and has now been addressed. SlowMist founder Yu Xian forwarded the warning and said that this type of attack uses the OAuth2 attack chain, obtaining the "extension publishing permission" of the "target browser extension" developer, and publishing an extension update with a backdoor. Each time the browser is started or the extension is reopened, the update may be automatically triggered, and the backdoor implantation is difficult to detect. Remind wallet extension program publishers not to be careless.