Hackers keep phishing Chrome Extension Developers

by Julie Splinters - - 2017-08-08

When good Chrome extensions go bad

You might need to think twice before even enabling a well-known Chrome extension

If your Chrome browser is loaded with diverse extensions or you happen to be an extension developer yourself, then the news about increasing phishing attacks on Chrome add-ons should certainly become a concern to you.

Observing the tendencies in the cyber world, crooks do not cease to surprise with their imaginative skills on hacking and phishing technologies.

Two phishing attacks on popular chrome extensions within five days serves as another wake-up call for Google to fortify the protection of its most popular product – Chrome.

Foisting adware in the disguise of legitimate Chrome add-ons

As users have learned to detect and avoid installing questionable extensions, perpetrators have discovered ways how to deliver unwanted malicious content by force. It seems that transforming legitimate Particle Chrome extension into adware after handing it to a new owner is no longer a novelty.^[1]

Now felons take higher risks to hack well-known extensions’ authors’ accounts to corrupt the source code of their app.^[2] As a result, then, they are able to roll out updates which deliver adware, or worse, malware, to unsuspecting users.

What is worse, the number of such cases are not limited to the developers of Copyfish and Web Develop. Maxime Kjaer, a science student, has unraveled the scheme involving Facebook click fraud and corrupted Chrome extensions.^[3]

If a credulous Facebook user clicks on a link supposedly sent by his contact, they are misguided to an adult-content website which asks for the verification by enabling a shady extension. Some of such extensions also have access to user’s camera and microphone.

The current cases suggest that racketeers have picked up the strategy to foist annoying ads and links to questionable sites. However, the authors of more elaborate malware may soon take the liking of the phishing technique as well.

Any countermeasures?

It is understandable if you are in the state of bewilderment right now wondering how you are supposed to tell a difference between a genuine Chrome extension and its impostor. Leave alone ordinary consumers, software developers must face the dilemma how to secure their intellectual property.

Moreover, they might be inclined to do so even more as Google Support team sends out official warnings about the phishing attacks and fake Google Support emails.^[4] Here is their advice:

Pay attention to the sender’s domain name
Enable 2-step verification
Change account passwords regularly (“password123” does not count)

Responding to the account hack and extension corruption cases, Google continues scanning for malicious extensions in the Chrome web store. However, it seems that there might be many more of them than expected.

About the author

Julie Splinters - Anti-malware specialist

Julie Splinters is the News Editor of 2-spyware. Her bachelor was English Philology.

Contact Julie Splinters
About the company Esolutions

References

^ Linas Kiguolis. “Particle” Chrome extension turns into adware after being sold to a new developer. 2-spyware. Security and spyware news.
^ Dan Goodin. After phishing attacks, Chrome extensions push adware to millions. Ars Technica. IT news and commentary.
^ Bradley Barth. Chrome browser extensions discovered engaging in Facebook click fraud. SCMedia. The cybersecurity source.
^ Catalin Cimpanu. Chrome Extension Developers Under a Barrage of Phishing Attacks. BleepingComputer. News, reviews and tech support.