08 Dec Malicious Chrome Extension Fuel Industrial Espionage Fears
Real-time IT analytics firm ExtraHop recently discovered malicious data collection activity from a Chrome extension for developers named Postman, which already has over 27,000 installs.
The extension, which is said to be a clone of another popular Chrome extension of the same name, was observed to be collecting browser histories. ExtraHop says this is worrisome since developers usually access URLs of internal networks, APIs, and applications, and this information can be sold to unethical competitors, and can also be used to plan future attacks.
However, ExtraHop added that the IP address where Postman collected browsing history data appears to be “clean,” and is not associated with any known cybercriminal group.