According to an initial investigation by the cybersecurity firm Cyberhaven, the malicious code was designed to steal sensitive data, including access tokens, user IDs, account information, cookies, ...