Malicious credential-stealing Chrome extensions targeting enterprise HR and ERP platforms have been discovered, creating an unsafe environment for business operations. These extensions may appear harmless on the surface, but they can have serious repercussions for any business caught off guard.
HR departments may not look like prime targets for malicious cyberattacks, but there are nefarious forces at play that don’t leave any opportunities sitting on the table. Cybersecurity firm Socket recently uncovered malicious Chrome extensions on the browser’s Web Store that targeted platforms like Workday, SuccessFactors, and NetSuite. These extensions have already been installed over 2,300 times, and while that may seem like a relatively small number, it highlights just how many of these cybersecurity threats manage to evade detection.
The social engineering attack behind these Chrome extensions may not fall under the HR purview, but it is important for teams to be aware of the threats that persist online, which could catch unsuspecting employees by surprise.

Malicious Chrome Extensions Targeting Enterprise HR and ERP Platforms Uncovered
Free online tools are always an attractive proposition, offering premium services at no cost to the user. Unfortunately, many free or convenient services come with undefined costs that only reveal themselves once it is too late. Cybersecurity firm Socket was the first to uncover this particular instance of malicious Chrome extensions masquerading as HR support systems.
They found that the extensions were geared towards users of various human resources and enterprise resource planning (ERP) platforms, conveniently showcasing ways to improve productivity and streamline access to said enterprise platforms. Four of the extensions identified were published under databycloud1104, while another extension was made available by softwareaccess, and shared similar infrastructure patterns to the others.
What Did These Malicious Extensions Offer to the User?
The enterprise HR Chrome malware promised different benefits to users. One extension, DataByCloud Access, was presented as a bulk tool manager with “premium tools” designed for platforms like Workday and NetSuite. It suggested that it could help purchase and manage enterprise accounts, with additional plugin support. Other extensions went so far as to promise additional security and management features to the user.
Tool Access 11 was an extension that could “restrict access to special tools” and limit other users to only accessing the features they needed. It suggested that untrained users might compromise the safety of the account overall, but with the extension, they would be limited to accessing only the essentials. This clearly targeted account administrators or more senior members of an organization who wanted to limit employee access to their enterprise platforms.
The credential-stealing Chrome extensions were set up to take control of the accounts despite their claims of security. From extracting authentication cookies to preventing any incident response actions against themselves, the extensions were designed to take data and block any action from being taken against them. They even limited the user’s ability to change passwords and ensured that the stolen access tokens remained valid without limitation. Even when the scam was discovered, administrators were unable to set things right once more.
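For security teams reviewing what is already installed, the following is an added example (not code from Socket's report or from this article): a Python audit that flags extensions whose manifest combines cookie or request-blocking permissions with access to HR/ERP platform domains. The domain list, the choice of permissions, and the sample manifests are assumptions constructed for illustration.

```python
import json
from pathlib import Path

# Assumption: domains used by the platforms the article names.
WATCHED_DOMAINS = ("workday.com", "myworkday.com", "successfactors.com", "netsuite.com")
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# Assumption: permissions that could enable cookie access or page blocking.
RISKY = {"cookies", "declarativeNetRequest", "webRequest"}

def host_patterns(manifest):
    """Gather match patterns from Manifest V2 and V3 fields."""
    pats = list(manifest.get("host_permissions", []))
    pats += [p for p in manifest.get("permissions", [])
             if isinstance(p, str) and ("://" in p or p == "<all_urls>")]
    for script in manifest.get("content_scripts", []):
        pats += script.get("matches", [])
    return [p for p in pats if isinstance(p, str)]

def touches_watched(pattern):
    """True if a match pattern covers a watched domain or every site."""
    if pattern in BROAD:
        return True
    host = pattern.split("://", 1)[-1].split("/", 1)[0].lower()
    host = host[2:] if host.startswith("*.") else host
    return any(host == d or host.endswith("." + d) for d in WATCHED_DOMAINS)

def audit_manifest(manifest):
    """Return a finding when risky permissions meet watched hosts."""
    hosts = sorted({p for p in host_patterns(manifest) if touches_watched(p)})
    perms = sorted(p for p in manifest.get("permissions", [])
                   if isinstance(p, str) and p in RISKY)
    if hosts and perms:
        return {"name": manifest.get("name", "?"), "hosts": hosts, "permissions": perms}
    return None

def audit_profile(extensions_dir):
    """Scan <profile>/Extensions/<id>/<version>/manifest.json files."""
    findings = []
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it
        finding = audit_manifest(manifest)
        if finding:
            findings.append({"id": path.parts[-3], **finding})
    return findings

# Constructed sample manifests (not taken from the real extensions).
SAMPLE_FLAGGED = {"name": "Example access helper", "manifest_version": 3,
                  "permissions": ["cookies", "declarativeNetRequest", "storage"],
                  "host_permissions": ["*://*.workday.com/*", "*://*.netsuite.com/*"]}
SAMPLE_BENIGN = {"name": "Example notes", "manifest_version": 3,
                 "permissions": ["storage"], "host_permissions": ["https://example.org/*"]}
```

A finding is a prompt for manual review, not proof of malice, since legitimate extensions can request the same combination.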
The Cybersecurity Threats to HR are Growing Every Day
The enterprise HR Chrome malware may have only been able to target about 2,300 users, but the impact extends beyond data theft and malicious interference. The mental strain and anxiety caused by such scams are equally damaging to an individual or business. Such cybersecurity threats directed at HR teams are growing every day. Fake job applicants and scammers are attempting to dupe HR teams and recruiters into hiring them.
On the other hand, fake emails from scammers disguising themselves as HR teams are attempting to manipulate employees into clicking on unsafe links as well. The overall impact of these scams may be small, catching only a limited number of victims off guard. But with AI tools at their disposal, these campaigns are growing more sophisticated every day. Protecting HR workers and administrators from falling victim to these attacks is the first step to keeping the organization safe as a whole.
Training and Awareness Regarding These Online Threats Is Essential
HR workers and administrators who install these Chrome extensions generally mean well and may just want to better their own productivity and management. Anger and frustration towards those who might be tricked by such enterprise HR-related Chrome malware doesn’t serve any benefit, but building towards more precautions does.
Teaching employees to be safer online and identify signs of malicious intent can protect the company long-term. Reminders to avoid relying on third-party links and other sketchy software may seem unnecessary, but a timely alert can inhibit employees from clicking on anything they shouldn’t. The first step involves building awareness regarding these scams within the organization.
Training workers and running internal programs on cybersecurity can be just as beneficial. A deeper understanding of the digital world is essential to thrive in the modern workplace, and not all workers arrive with a similar degree of insight into the threats that surround them. It is equally important for an organization to invest in a small team that is well-versed in addressing these threats to ensure that there are individuals on standby to help when things go awry. Digital security can no longer be an afterthought, as it’s now a prime consideration for any work that happens via technology.




