Recent Phishing Attacks Target Google Chrome Extensions, Spread Adware to 1 Million Users

Browser extensions help us out with our grammar, they allow us to video chat online, they even permit us to play games. Their intent is to extend the functionality of a web browser. Unfortunately, they’re also being leveraged by cybercriminals to extend the functionality of their own malicious campaigns. In fact, this past week we’ve seen a wave of phishing attacks aimed at the developers of popular browser extensions for Google Chrome. Cybercriminals are conducting these attacks in order to hijack these extensions and use them to spread adware to innocent users.

So, what do these attacks look like exactly? One campaign saw cybercriminals compromising the Chrome Web Store account of a German developer team in order to hijack the “Copyfish” extension, which is a browser extension that performs optical character recognition. After gaining control of the extension, the crooks then modified “Copyfish” with ad-injection capabilities to distribute spam correspondence to users.

The second attack we’ve seen features the popular Chrome extension “Web Developer,” which adds a toolbar button to a browser that includes various web developer tools. Once they got inside the creator’s account, cybercriminals used the popular plug-in to their advantage, directly injecting adware into the web browser of its 1 million users.

Though adware is largely just an annoyance for innocent users, the larger issue with this attack is that cybercriminals can now potentially access users’ web account info. Since these plugins have access to pretty much everything that’s happening on a user’s browser and can do anything from reading all website content to intercepting traffic, it’s important users start thinking about protection. Therefore, to stay secure from these types of attacks, follow these tips:

  • Keep an eye out for phishing. Even though developers were the ones phished in this case, this attack is another crucial reminder for all of us to be wary and keep on the lookout for a phishing scam. Make sure to be cautious when an unknown source is requesting access to your accounts, and if a suspicious or unknown email comes through, don’t click on it.
  • Update all extensions. Remember that all bugs and potential threats are typically addressed with each update. Therefore, developers have most likely fixed whatever code has been compromised in these attacks and included those fixes in the latest version of their extension. So always double check that you’re running the most up-to-date version of any extension you use.
  • Change your passwords to your web accounts. If these cybercriminals have snooped on your browser, there’s risk that they might’ve discovered your login info to web accounts. So, change your password immediately to prevent cybercriminals from having any future access.
  • Stay secure while you browse. Sometimes it’s hard to identify whether a website is full of malicious activity, or is being snooped on by a cybercriminal. So, add an extra layer of security to your browser, and surf the web safely by utilizing McAfee WebAdvisor.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

Introducing McAfee+

Identity theft protection and privacy for your digital life

FacebookLinkedInTwitterEmailCopy Link

Stay Updated

Follow us to stay updated on all things McAfee and on top of the latest consumer and mobile security threats.


More from Privacy & Identity Protection

Back to top