Five Malicious Chrome Extensions Target Enterprise HR and Financial Systems

Five Chrome extensions attack platforms like Workday, stealing tokens and hijacking sessions, affecting 2,300 users with cookie injection.

By Content Team

Jan 20, 2026

ON THIS PAGE

Share

---

ON THIS PAGE

Want more insights like this?

Subscribe to our newsletter to get the latest software protection strategies delivered to your inbox.

By submitting your email, you consent to Codekeeper contacting you and agree to our privacy policy.

Five coordinated Chrome extensions are attacking major enterprise platforms like Workday, NetSuite, and SuccessFactors, affecting over 2,300 users. Published under names "databycloud1104" and "softwareaccess," these fake productivity tools steal authentication tokens and hijack user sessions.

The most dangerous feature involves bidirectional cookie injection, letting attackers access victim accounts without passwords or bypassing multi-factor authentication. The extensions extract session tokens every 60 seconds and block up to 56 administrative pages, preventing security teams from resetting passwords or disabling compromised accounts.

When administrators try to respond, the extensions replace security pages with blank content, creating a scenario where breaches are detected but can't be stopped through normal procedures.

Source: Cybersecurity News

Share this article

Have questions about protecting your software?

Our escrow experts are standing by to help.

Book a free demo

YOU MAY ALSO LIKE

Cyber Fraud Now Top CEO Fear, Overtaking Ransomware Threat

Jan 14, 2026

ShinyHunters Cybercriminals Expand Cloud-Targeting Extortion Operations

Feb 2, 2026

Adobe Rushes Emergency Patch for Acrobat Reader Zero-Day Under Active Attack

Apr 13, 2026

Google Patches Two Actively Exploited Chrome Zero-Days

Mar 13, 2026