There are a lot of things that makes our lives easier. A very good example is Google Chrome web browser extensions.
Some Google Chrome developers have been hacked within the last week. The culprit are browser extensions used by millions now freely distributing malware.
Two popular web browser extensions have been hijacked in the Chrome Webs Store.
One of the hacked extension was from the German developer behind Copyfish which is an OCR extension. Well, they modified the code and put in place ad-injection capabilities that is able to distribute spam to its users.
The second one is a hugely-successful Chrome Web Store developer that has been hijacked by unknown attackers.
Chris Pederick – the creator of a popular Chrome extension called Web Developer – has revealed hackers phished the Google account linked to his app, updated Web Developer, and pushed the hijacked app out to its 1,044,000 users.
Seemingly enough, the exact technique was used to spread malware which is similar to the Copyfish extension malware.
On the lighter side of things, the Firefox version of the two web browser extensions are not affected by this.
This is how it might have happened.
“Cybercriminals have targeted the developers’ Google accounts and pushed-out the update to the web extension – laced with malware – from the Chrome Web Store.”
According to the Chris Pederick, the malicious software incorporated into his app injected advertisements on web pages on users’ computer.
It is a known fact the the hackers might have made a lot of money from the advertisements.
So here comes the bad news, the Chrome plugin has access to almost everything that takes place within users’ web browser – enabling the malware-ridden software to read website content, intercept traffic, record keystrokes, and more.
The malicious version of Web Developer was only live on the Chrome Web Store for six hours but eventually replaced with the clean one.
The plugin author Chris Pederick has since fixed the extension and pushed-out an update to users.
Web Developer users are urged to update their Chrome extension to version 0.5 as soon as possible.
Meanwhile, the team behind Copyfish have cautioned users, “So far, the update looks like standard adware hack, but, as we still have no control over Copyfish, the thieves might update the extension another time… until we get it back.
“We can not even disable it – as it is no longer in our developer account.”
Google is believed to be working with the developers to provide them access to their own Chrome browser extension.