February Security Roundup

In the news this month: 

• Hijacked Chrome extensions put millions of accounts at risk
• Fake CAPTCHAs deploying dangerous malware
• Healthcare data breach in US exposes 1 million patient records
• North Korean hackers use PDFs to hijack devices
• Malware-infected game targets Steam users

Chrome extension attack: 2.6 million users put at risk

A cyberattack has put over 2.6 million users at risk after at least 35 Google Chrome extensions were compromised.

Attackers used phishing emails targeting extension publishers, tricking them into injecting malicious code. This allowed threat actors to steal user access tokens and cookies, risking sensitive account data.

Cyberhaven found that attackers embedded malicious code to communicate with a remote server at cyberhavenext[.]pro, enabling further data theft.

Fraudulent emails posed as Google Chrome Web Store Support, falsely warning developers of imminent extension removal due to policy violations.

Over 35 compromised extensions have been identified, mainly targeting VPN and AI assistant extensions due to their broad privileges.

Recommendations

• Once the initial PowerShell command is run, additional malware loaders are activated.
• File-less malware is executed on victim machines, making detection harder.
• Google Chrome credential files are accessed, and registry keys are manipulated.
• The attack appears highly automated after initial user interaction.

Recommendations

Healthcare sector breach: One million patients exposed

A Connecticut-based federally qualified health center (CHC) has disclosed a data breach potentially affecting over a million individuals, including patients and COVID-19 test/vaccine recipients. The exposed data includes:

• Social Security Numbers (SSNs)
• Medical diagnoses, test results, and treatment details
• Insurance information

To mitigate the damage, CHC has:

North Korean hackers exploit PowerShell to hijack devices

The North Korean hacker group Kimsuky is using a new PowerShell-based attack to hijack devices via spear-phishing emails.

Victims are tricked into opening what appears to be a legitimate PDF, but instead, they execute a malicious PowerShell script with admin privileges. This installs a remote desktop tool, allowing attackers to gain control and steal data.

Microsoft has observed this method in limited attacks since January 2025.

Recommended actions:

It’s yet another example of why phishing remains a critical tactic in the cyber attackers playbook, reinforcing the need for organisations and their workforce to remain ever vigilant and continually aware.

Gaming security breach: Steam users targeted with malware-infested game

A recent malware attack on Steam highlights the importance of cybersecurity in gaming. PirateFi, a free-to-play beta game, was found to contain Trojan.Win.32.Lazzy.gen, a malware capable of stealing browser cookies and online credentials.

The game was quickly removed, but around 900 users had already downloaded it.

It’s a vital reminder that a Zero Trust mindset is not just for the workplace, it’s for all digital interactions. And as the lines between work and home blur, any breach can have the power to cause chaos anywhere.

Recommendations for anyone affected: