Hack on popular Chrome plugin spams ads to one million users

The author says a phishing scam led to the theft of admin credentials

The developer of a popular Chrome extension has warned users to update to the latest version after hackers were able to hijack the plugin to inject ads and potentially run malicious scripts on the browser.

Chris Pederick, author of the Web Developer for Chrome extension, alerted subscribers on Wednesday afternoon that he had fallen victim to a phishing scam that had scalped his admin credentials. Hackers were then able to update the extension to version 0.4.9 with a bundled script command and send it out to more than one million users.

Advertisement - Article continues below

Once installed on a user's browser, the extension would run JavaScript code to inject adverts into Chrome pages. Although it is thought this was the main purpose of the attack, the author admits it could have acted more maliciously, such as reading passwords entered into web fields, however there is currently no evidence of this happening.

Pederick kept a detailed account of the attack on his twitter feed, in which he has since urged users to update to v0.5 of the extension immediately. Although not every machine with the extension seems to have been affected, it is thought the hackers could have raked in a considerable amount in ad revenue during the short attack window.

The cause of the attack is thought to be a phishing email he received, which has also been tied to other attacks on web extensions. The Copyfish extension, which allows for image and video extraction from a web page, was also hit by a similar attack last weekend after receiving an email from someone claiming to be a member of the Google team.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

The email, which is thought to be the same used against Pederick, described an issue with the extension that would result in it being taken offline, and directed the authors to a genuine looking ticket page, which tracked the progress of the issue.

Copyfish authors noted that an IP address was logged during the attack which suggests it came from a Macbook located somewhere in Russia.

Featured Resources

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Remote working 2020: Advantages and challenges

Discover how to overcome remote working challenges

Download now

Keep your data available with snapshot technology

Synology’s solution to your data protection problem

Download now

After the lockdown - reinventing the way your business works

Your guide to ensuring business continuity, no matter the crisis

Download now
Advertisement

Recommended

Andrew Daniels joins Druva as CIO and CISO
Cloud

Andrew Daniels joins Druva as CIO and CISO

22 Jul 2020
Chrome disables feature that curtailed its memory-hogging ways
web browser

Chrome disables feature that curtailed its memory-hogging ways

16 Jul 2020
University of California gets fleeced by hackers for $1.14 million
ransomware

University of California gets fleeced by hackers for $1.14 million

30 Jun 2020
Australia announces $1.35 billion investment in cyber security
cyber security

Australia announces $1.35 billion investment in cyber security

30 Jun 2020

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

3 Aug 2020
Labour Party donors caught up in Blackbaud data breach
data breaches

Labour Party donors caught up in Blackbaud data breach

31 Jul 2020
How do you build a great customer experience?
Sponsored

How do you build a great customer experience?

20 Jul 2020