Hack on popular Chrome plugin spams ads to one million users

The author says a phishing scam led to the theft of admin credentials

The developer of a popular Chrome extension has warned users to update to the latest version after hackers were able to hijack the plugin to inject ads and potentially run malicious scripts on the browser.

Chris Pederick, author of the Web Developer for Chrome extension, alerted subscribers on Wednesday afternoon that he had fallen victim to a phishing scam that had scalped his admin credentials. Hackers were then able to update the extension to version 0.4.9 with a bundled script command and send it out to more than one million users.

Advertisement - Article continues below

Once installed on a user's browser, the extension would run JavaScript code to inject adverts into Chrome pages. Although it is thought this was the main purpose of the attack, the author admits it could have acted more maliciously, such as reading passwords entered into web fields, however there is currently no evidence of this happening.

Pederick kept a detailed account of the attack on his twitter feed, in which he has since urged users to update to v0.5 of the extension immediately. Although not every machine with the extension seems to have been affected, it is thought the hackers could have raked in a considerable amount in ad revenue during the short attack window.

The cause of the attack is thought to be a phishing email he received, which has also been tied to other attacks on web extensions. The Copyfish extension, which allows for image and video extraction from a web page, was also hit by a similar attack last weekend after receiving an email from someone claiming to be a member of the Google team.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

The email, which is thought to be the same used against Pederick, described an issue with the extension that would result in it being taken offline, and directed the authors to a genuine looking ticket page, which tracked the progress of the issue.

Copyfish authors noted that an IP address was logged during the attack which suggests it came from a Macbook located somewhere in Russia.

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now
Advertisement

Recommended

Visit/software/video-conferencing/355410/zoom-50-adds-256-bit-encryption-and-ui-refresh
video conferencing

Zoom 5.0 adds 256-bit encryption to address security concerns

23 Apr 2020
Visit/security/hacking/355382/whatsapps-flaw-shoulder-surfing
hacking

WhatsApp flaw leaves users open to 'shoulder surfing' attacks

21 Apr 2020
Visit/security/cyber-security/355368/microsoft-builds-ai-to-detect-security-flaws-with-99-accuracy
cyber security

Microsoft AI can detect security flaws with 99% accuracy

20 Apr 2020
Visit/security/vulnerability/355276/businesses-brace-for-second-fujiwhara-effect-of-2020-as-patch-tuesday
vulnerability

Businesses brace for second 'Fujiwhara effect' of 2020 as Patch Tuesday looms

9 Apr 2020

Most Popular

Visit/operating-systems/microsoft-windows/355781/microsoft-confirms-further-issues-with-troublesome
Microsoft Windows

Microsoft's latest Windows 10 update is causing yet more issues

26 May 2020
Visit/mobile/5g/355712/nokia-5g-speed-record
5G

Nokia breaks 5G record with speeds nearing 5Gbps

20 May 2020
Visit/infrastructure/network-internet/355792/intel-releases-wi-fi-and-bluetooth-driver-updates-for
Network & Internet

Intel releases Wi-Fi and Bluetooth driver updates for Windows 10

26 May 2020