Exposing the Rogue Cyberhaven Compromised Chrome VPN Extensions Ecosystem – An Analysis

Here we go. It appears that the individuals behind the successful compromise of the Cyberhaven VPN Chrome extensions are currently busy with, or at least have in the works, several other campaigns targeting other vendors of Chrome VPN extensions.

The first example is hxxp://censortracker.pro, which apparently aims to target the legitimate site (hxxp://censortracker.org).

Related domains:

hxxp://cyberhavenext.pro – 149.28.124.84
hxxp://api.cyberhaven.pro – 149.248.2.160

Parked at 149.28.124.84:
