Compromised extensions

	A	B	C	D	E	F	G	H	I	J
1	Name	ID	Version	Patch	Available	Users	Start	End	Code Family	Notes
2	VPNCity	nnpnnpemnckcfdebeekibpiijlicmpom	2.0.1		FALSE	10000	12/12/24	12/31/24	1	Removed from the web store 12/31/24
3	Parrot Talks	kkodiihpgodmdankclfibbiphjkfdenh	1.16.2		TRUE	40000	12/25/24	12/31/24	1	Attacker infrastructure offline 12/31, code likely still present.
4	Uvoice	oaikpkmjciadfpddlpjjdapglcihgdle	1.0.12		TRUE	40000	12/26/24	12/31/24	1	Attacker infrastructure offline 12/31, code likely still present.
5	Internxt VPN	dpggmcodlahmljkhlmpgpdcffdaoccni	1.1.1	1.2.0	TRUE	10000	12/25/24	12/29/24	1
6	Bookmark Favicon Changer	acmfnomgphggonodopogfbmkneepfgnh	4.00		TRUE	40000	12/25/24	12/31/24	1	Attacker infrastructure offline 12/31, code likely still present.
7	Castorus	mnhffkhmpnefgklngfmlndmkimimbphc	4.40	4.41	TRUE	50000	12/26/24	12/27/24	1
8	Wayin AI	cedgndijpacnfbdggppddacngjfdkaca	0.0.11		TRUE	40000	12/19/24	12/31/24	1	Attacker infrastructure offline 12/31, code likely still present.
9	Search Copilot AI Assistant for Chrome	bbdnohkpnbkdkmnkddobeafboooinpla	1.0.1		TRUE	20000	7/17/24	12/31/24	1	Attacker infrastructure offline 12/31, code likely still present.
10	VidHelper - Video Downloader	egmennebgadmncfjafcemlecimkepcle	2.2.7		TRUE	20000	12/26/24	12/31/24	1	Attacker infrastructure offline 12/31, code likely still present.
11	AI Assistant - ChatGPT and Gemini for Chrome	bibjgkidgpfbblifamdlkdlhgihmfohh	0.1.3		FALSE	4000	5/31/24	10/25/24	1	Removed from the web store 10/25/24
12	TinaMind - The GPT-4o-powered AI Assistant!	befflofjcniongenjmbkgkoljhgliihe	2.13.0	2.14.0	TRUE	40000	12/15/24	12/20/24	1
13	Bard AI chat	pkgciiiancapdlpcbppfkmeaieppikkk	1.3.7		FALSE	100000	9/5/24	10/22/24	1	Removed from the web store 10/22/24
14	Reader Mode	llimhhconnjiflfimocjggfjdlmlhblm	1.5.7		FALSE	300000	12/18/24	12/19/24	1 & 2	Removed from the web store 12/19/24
15	Primus (prev. PADO)	oeiomhmbaapihbilkfkhmlajkeegnjhe	3.18.0	3.20.0	TRUE	40000	12/18/24	12/25/24	1
16	Tackker - online keylogger tool	ekpkdmohpdnebfedjjfklhpefgpgaaji	1.3	1.4	TRUE	10000	10/6/23	8/13/24	2
17	AI Shop Buddy	epikoohpebngmakjinphfiagogjcnddm	2.7.3		TRUE	4000	4/30/24		2	Two version of exploit code present
18	Sort by Oldest	miglaibdlgminlepgeifekifakochlka	1.4.5		TRUE	2000	1/11/24		2
19	Rewards Search Automator	eanofdhdfbcalhflpbdipkjjkoimeeod	1.4.9		TRUE	100000	5/4/24		2	Two versions of exploit code present. Version 1.5.0 published August 26th, 2024 removed one of them.
20	Earny - Up to 20% Cash Back	ogbhbgkiojdollpjbhbamafmedkeockb	1.8.1		TRUE	10000	4/5/23		3
21	ChatGPT Assistant - Smart Search	bgejafhieobnfpjlpcjjggoboebonfcg	1.1.1		TRUE	189	2/12/24		2
22	Keyboard History Recorder	igbodamhgjohafcenbcljfegbipdfjpk	2.3		TRUE	5000	7/29/24		2
23	Email Hunter	mbindhfolmpijhodmgkloeeppmkhpmhc	1.44		TRUE	100000	9/17/24		2	Region locked on the web store. Accessed from France and India.
24	Visual Effects for Google Meet	hodiladlefdpcbemnbbcpclbmknkiaem	3.1.3	3.2.4	TRUE	900000	6/13/23	1/10/24	2 & 3
25	Cyberhaven security extension V3	pajkjnmeojmbapicmbpliphjmcekeaac	24.10.4	24.10.5	TRUE	400000	12/24/24	12/26/24	1
26	GraphQL Network Inspector	ndlbedplllcgconngcnfmkadhokfaaln	2.22.6	2.22.7	TRUE	80000	12/29/24	12/30/24	1	2.22.5 (clean) was also published on 12/29/24 so multiple code pushes in the same day
27	GPT 4 Summary with OpenAI	epdjhgbipjpbbhoccdeipghoihibnfja	1.4		FALSE	10,000	8/11/24	9/29/24	1	Removed from the web store 9/29/24. May have started earlier.
28	Vidnoz Flex - Video recorder & Video share	cplhlgabfijoiabgkigdafklbhhdkahj	1.0.161		FALSE	6,000	12/25/24	12/29/24	1	Removed from the web store 12/29/24
29	YesCaptcha assistant	jiofmdifioeejeilfkpegipdjiopiekl	1.1.61		TRUE	200,000	12/29/24	12/31/24	1	Attacker infrastructure offline 12/31, extension has been updated
30	Proxy SwitchyOmega (V3)	hihblcmlaaademjlakdpicchbjnnnkbo	3.0.2		FALSE	10,000	12/30/24	12/31/24	1	Attacker infrastructure offline 12/31, extension has been upaded
31	ChatGPT App	lbneaaedflankmgmfbmaplggbmjjmbae	1.3.8		TRUE	7,000	9/3/24		2	May have started earlier, missing data right now
32	Web Mirror	eaijffijbobmnonfhilihbejadplhddo	2.4		TRUE	4,000	10/13/23		2	May have started earlier, missing data right now
33	Hi AI	hmiaoahjllhfgebflooeeefeiafpkfde	1.0.0		TRUE	229	7/29/24		2	May have started earlier, missing data right now
34						2,602,418
35	Detailed information at: https://secureannex.com/blog/cyberhaven-extension-compromise
36
37	Code family definitions
38	1: Most recent attacks with code that uses '*ext.[pro\|co\|info\|ink]" domains		1,460,000
39	2: Attacks with code using 'sclpfybn[.]com'		1,142,418
40	3: Attacks with oldest code using 'tnagofsg[.]com' references
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100