Malicious Chrome Extensions Impersonate Workday and NetSuite to Hijack Accounts
In a concerning development for businesses and individuals relying on Workday and NetSuite platforms, cybersecurity researchers have uncovered five malicious Google Chrome extensions that mimic these HR and ERP solutions to infiltrate user accounts.
The Extensions' Modus Operandi
These extensions work together to steal authentication tokens, impede incident response capabilities, and facilitate complete account takeover through session hijacking. Kush Pandyas, a researcher at Socket security, revealed these details in a report published on January 16, 2026.
The Extensions and Their Functionality
- DataByCloud Access: With over 1,000 installs, this extension collects authentication cookies for specified domains and transmits them to the "api.databycloud[.]com" domain every 60 seconds.
- Tool Access 11: This extension blocks access to 44 administrative pages within Workday by erasing page content and redirecting to malformed URLs.
- DataByCloud 1: This extension replicates the cookie-stealing functionality from DataByCloud Access while preventing code inspection using web browser developer tools.
- DataByCloud 2: This extension expands the blocking feature to 56 pages, targeting both production environments and Workday's sandbox testing environment.
- Software Access: The most sophisticated extension combines cookie theft with the ability to receive stolen cookies and inject them into the browser for direct session hijacking.
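The report describes the cookie-stealing extensions beaconing to "api.databycloud[.]com" every 60 seconds. As an added example, not from the report or from Socket, the following script runs over constructed proxy log lines (the log format, IP addresses, and the `parse_log` / `find_beacons` helpers are assumptions) and flags any client/host pair that either matches the reported domain or shows near-constant 60-second intervals, which is the periodic pattern a defender would hunt for even if the exfiltration host changes.

```python
import re
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample proxy log lines (not taken from the original report):
# "<epoch> <client_ip> <method> <host> <path> <status>"
SAMPLE_LOG = """\
1768550400 10.0.0.5 POST api.databycloud.com /collect 200
1768550460 10.0.0.5 POST api.databycloud.com /collect 200
1768550520 10.0.0.5 POST api.databycloud.com /collect 200
1768550580 10.0.0.5 POST api.databycloud.com /collect 200
1768550405 10.0.0.5 GET wd5.myworkday.com /home 200
1768550700 10.0.0.5 GET wd5.myworkday.com /inbox 200
1768550410 10.0.0.7 GET example.com / 200
1768550470 10.0.0.7 GET example.com /about 200
"""
LINE_RE = re.compile(r"^(\d+) (\S+) (\S+) (\S+) (\S+) (\d{3})$")

# Indicator from the report (defanged in the prose); normalised here for matching.
KNOWN_EXFIL_HOSTS = {"api.databycloud.com"}

def parse_log(text):
    """Parse the assumed log format into (ts, client, method, host, path, status) tuples."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, client, method, host, path, status = m.groups()
            events.append((int(ts), client, method, host, path, int(status)))
    return events

def find_beacons(events, min_hits=4, expected_period=60, tolerance=0.1):
    """Flag (client, host) pairs that hit a known IoC or beacon at a near-constant period."""
    by_pair = defaultdict(list)
    for ts, client, _method, host, _path, _status in events:
        by_pair[(client, host)].append(ts)
    findings = []
    for (client, host), stamps in by_pair.items():
        stamps.sort()
        if len(stamps) < max(min_hits, 2):   # need at least one interval to measure
            continue
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        jitter = pstdev(gaps) / avg if avg else 1.0  # relative spread of the intervals
        periodic = abs(avg - expected_period) <= expected_period * tolerance and jitter <= tolerance
        if periodic or host in KNOWN_EXFIL_HOSTS:
            findings.append({"client": client, "host": host, "hits": len(stamps),
                             "mean_gap_s": round(avg, 1), "known_ioc": host in KNOWN_EXFIL_HOSTS})
    return findings
```

In the constructed sample only the 10.0.0.5 to api.databycloud.com pair is reported; the Workday and example.com traffic has too few hits and no fixed cadence.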
Implications for North East India and Beyond
While this threat primarily affects Workday and NetSuite users globally, including those in North East India, it underscores the growing need for vigilance and awareness about cybersecurity threats. As more businesses in the region embrace digital transformation, they become increasingly vulnerable to such attacks.
Protecting Yourself from These Threats
If you have installed any of the aforementioned add-ons, it is advisable to remove them from your browser, perform password resets, and review for any signs of unauthorized access from unfamiliar IP addresses or devices.
Looking Ahead
The combination of continuous credential theft, administrative interface blocking, and session hijacking creates a scenario where security teams can detect unauthorized access but cannot remediate through normal channels. As such, it is crucial for users and businesses to stay informed about the latest cybersecurity threats and take proactive measures to protect their digital assets.