Cyberhaven blames a phishing email for the attack, writing in a separate technical analysis post that the code appeared to specifically target Facebook Ads accounts. According to Reuters, security researcher Jaime Blasco believes the attack was “just random” and not targeting Cyberhaven specifically. He posted on X that he’d found VPN and AI extensions that contained the same malicious code that was inserted into Cyberhaven.