PANews reported on January 12 that the founder of AabyssTeam issued a security warning on the X platform. Cyberhaven Security Company was attacked by a phishing email, which resulted in malicious code being implanted in the browser plug-in it released, attempting to read the browser cookies and passwords of the uploading users. Subsequent code analysis revealed that multiple browser plug-ins were attacked, including Proxy SwitchyOmega (V3), etc. These plug-ins affected 500,000 users in the Google Store and are currently under attention. SlowMist founder Yu Xian forwarded the warning and said that this attack uses the OAuth2 attack chain, and after obtaining the "extension publishing permission" of the "target browser extension" developer, a plug-in extension update with a backdoor is released. Every time the browser is started or the extension is reopened, an update may be automatically triggered, and the backdoor implantation is difficult to detect.