searchtwitterarrow rightmail strokearrow leftmail solidfacebooklinkedinplusangle upmagazine plus
Help Net Security - Daily information security news with a focus on enterprise security.
Help Net Security - Daily information security news with a focus on enterprise security.
  • News
  • Features
  • Expert analysis
  • Videos
  • Reviews
  • Events
  • Whitepapers
  • Industry news
  • Product showcase
  • Newsletters
Zeljka Zorz
Zeljka Zorz, Editor-in-Chief, Help Net Security
August 3, 2017
Share

Another popular Chrome extension hijacked through phishing

Chris Pederick, the creator and maintainer of the Web Developer for Chrome extension, is the latest victim of attackers who hijack popular Chrome add-ons in order to push ads onto users.

OPIS

The method the attackers used to compromise the extension’s account is the same one that was so successful a few days ago against the developers of the Copyfish Chrome extension: a phishing email impersonating the Chrome Web Store team, with a link that points to a site mimicking Google’s customer support system.

After getting their hands on Pederick’s Google account login credentials, the attackers used them to hijack his account and push out a newer version of the add-on (v0.4.9) that performs ad injection (but apparently not all the time).

Unlike the Copyfish creators, Pederick noticed that something was wrong rather quickly, and managed to disable the extension and push out a fixed version (v0.5) of it in less than six hours.

The quick reaction is probably what made it impossible for the attackers to transfer control of the add-on to their own developer account, as they did with the Copyfish extension.

Pederick is urging the million or so users of Web Developer for Chrome to uninstall and reinstall the extension, and to run adware detection on their machine, just in case.

He says that there is no evidence that the malicious extension stole passwords, but it might be a good idea for users to change any password they entered in the browser while using it.

This hijacking is just the latest instance of compromised Chrome extensions made to spew ads. Among previous victims are the developers of other popular add-ons: User-Agent Switcher, Block Site, Infinity New Tab, and Live HTTP Headers.

It is possible and quite likely that the same attackers are behind all of these compromises.

More about
  • account hijacking
  • add-ons
  • Chrome
  • phishing
Share this

Featured news

  • While governments pass privacy laws, companies struggle to change
  • What a perfect day in data privacy looks like
  • We can’t rely on goodwill to protect our critical infrastructure
Guide: How virtual CISOs can efficiently extend their services into compliance readiness

Sponsored

eBook: 4 ways to secure passwords, avoid corporate account takeover

Here’s the deal: Uptycs for all of 2023 for $1

2022 Cloud Data Security Report

Don't miss

While governments pass privacy laws, companies struggle to change

Trends that impact on organizations’ 2023 security priorities

What a perfect day in data privacy looks like

Patch your Jira Service Management Server and Data Center and check for compromise! (CVE-2023-22501)

We can’t rely on goodwill to protect our critical infrastructure

Cybersecurity news
Help Net Security - Daily information security news with a focus on enterprise security.
© Copyright 1998-2023 by Help Net Security
Read our privacy policy | About us | Advertise
Follow us