Hack on popular Chrome plugin spams ads to one million users
The author says a phishing scam led to the theft of admin credentials
The developer of a popular Chrome extension has warned users to update to the latest version after hackers were able to hijack the plugin to inject ads and potentially run malicious scripts on the browser.
Chris Pederick, author of the Web Developer for Chrome extension, alerted subscribers on Wednesday afternoon that he had fallen victim to a phishing scam that had scalped his admin credentials. Hackers were then able to update the extension to version 0.4.9 with a bundled script command and send it out to more than one million users.
Pederick kept a detailed account of the attack on his twitter feed, in which he has since urged users to update to v0.5 of the extension immediately. Although not every machine with the extension seems to have been affected, it is thought the hackers could have raked in a considerable amount in ad revenue during the short attack window.
The cause of the attack is thought to be a phishing email he received, which has also been tied to other attacks on web extensions. The Copyfish extension, which allows for image and video extraction from a web page, was also hit by a similar attack last weekend after receiving an email from someone claiming to be a member of the Google team.
The email, which is thought to be the same used against Pederick, described an issue with the extension that would result in it being taken offline, and directed the authors to a genuine looking ticket page, which tracked the progress of the issue.
Copyfish authors noted that an IP address was logged during the attack which suggests it came from a Macbook located somewhere in Russia.