ExtraHop Talks Fake Postman Extension on The CyberWire

ExtraHop on The CyberWire

February 14, 2019

ExtraHop on The CyberWire

Let's talk Chrome Extension malware and supply-chain attacks

In November of 2018, ExtraHop detected, investigated, and remediated a data leak on our own network using our network traffic analysis product, Reveal(x).

This week, our VP of Security Matt Cauthorn spoke with Dave Bittner of The CyberWire about our investigation and the dangerous impact of malware like the fake Postman Chrome Extension:

"It's effectively a software supply-chain attack ... this malicious developer basically squatted on the name in the Extension Store and was able to slip in malicious code under the guise of this service."

Click to listen to the interview!

Discover more

CybersecurityCompanyRevealX

Jaq Evans

Manager, Content Marketing

Jaq writes about tech by day and monsters by night. Other hobbies include tree climbing, reading everything, and almost killing plants.

Connect with Jaq on LinkedIn!

Explore related articles

Hacker, Interrupted

January 31, 2019

What happens when you find a data leak in your own environment? Learn how I used ExtraHop Reveal(x) to catch the fake Postman Chrome extension.

TechCybersecurityNTARevealX

Read article

Espionage Through Chrome Extensions

January 31, 2019

After detecting and investigating a fake Postman Chrome Extension using Reveal(x) network traffic analysis, one question remained: how much damage could a more sophisticated attacker do? I made my own Chrome malware to find out. Here's what I learned.

TechCybersecurityNTARevealX

Read article

Experience RevealX NDR for Yourself

Schedule a demo

What is NDR

RevealX Platform

Integrations

NPM Resources

Capabilities

Ransomware Attacks

Advanced Threat Hunting

Threat Detection and Response

Network Forensics and Investigation

Security Hygiene

Cloud Workload Security

Operational Resilience

Troubleshooting and Resolution

Cloud Migration

Cloud Workload Monitoring

Network Forensics

Zero Trust

Multicloud & Hybrid Cloud Security

XDR Strategy

SOC Modernization

Digital Transformation

Financial Services

Education

Public Sector

Federal Civilian Agencies

Defense and Intelligence

State and Local Government

View Now

Technology Partners

Channel Partners

Managed Service Providers

Apply Today

Sign In

Service Credits

Resident Experts

Implementation Services

Customer Community

Technical Support

Education Services

Leadership Team

Careers

About

Virtual

In Person

View & Register

View & Register

Reports

Demos & Videos

Webinars

Briefs

At-a-glance

Papers & E-books

Datasheets

Blog

Attack Types

Network Protocols

News & Articles

Overview

What is NDR

RevealX Platform

Integrations

Overview

NPM Resources

Capabilities

Overview

Overview

Overview

Ransomware Attacks

Advanced Threat Hunting

Threat Detection and Response

Network Forensics and Investigation

Security Hygiene

Cloud Workload Security

Overview

Operational Resilience

Troubleshooting and Resolution

Cloud Migration

Cloud Workload Monitoring

Network Forensics

Overview