The founder of AabyssTeam issued a security alert on X, Cyberhaven security company was attacked by phishing emails, resulting in malicious code implanted in the browser plug-in released by it, trying to read the browser cookies and passwords of uploaded users. Subsequent analysis of the code found that multiple browser plug-ins were attacked, including Proxy SwitchyOmega (V3), etc. These plug-ins affected 500,000 users in the Google Store and have been followed. SlowMist founder Cosine forwarded his warning and said that this kind of attack uses the OAuth2 attack chain to obtain the "extension publishing permission" of the developer of the "target browser extension" and release the plug-in extension update with a backdoor. Every time you start the browser or reopen the extension, the update may be automatically triggered, and the backdoor implant is difficult to detect. Remind wallet extension publishers not to be careless.