Everything you need to know about the recent compromises of some popular Chrome extensions

August 25th, 2017

For the last few weeks, more Chrome browser extension developers have become the target of an unknown attacker or group of attackers who have being able to break into their account and change the browser add on codes for malicious purposes.


popular Chrome extensions

More users worldwide are being affected by this malicious attack, and the number of Google Chrome extensions which have been compromised is growing. According to Proofpoint (a security vendor), the following Chrome browser extensions have already being hacked and compromised:

  • Chrometana 1.1.3
  • Web Developer 0.4.9
  • Web Paint 1.2.1
  • Infinitely New Tab 3.12.3
  • Social Fixer 20.1.1
  • CopyFish 2.8.5
  • TouchVPN
  • BetternetVPN


It has been estimated that the method used by the attacker is sending booby-trapped links in phishing e-mails to coders and browser extension developers asking them to log into their Google Chrome Web Store dashboards. This allows the attacker access to their accounts, and to add the malicious JavaScript code to the extensions which helps hijack the traffic and to substitute the advertisements in the Internet browsers used, which are meant to earn revenue from various affiliate programs. Some of the cases included asking users to “repair” their computers with fake JavaScript online alerts and thus redirecting them to the illegitimate affiliate programs and landing pages, which showed some substantial traffic growth of monthly visits.


What are the risks

These particular phishing attempts have been already resolved, but it is still unclear who the attacker is and which add ons could be affected by this malicious code injection in the future.

Since Google Chrome is the single most popular Internet browser in the world, there is no doubt that every such illegitimate intervention in the coding of a popular browser app can lead to immense profits for the attackers and to a lot of headaches and losses for the browser app developers, so some serious investigations are being made in order to find those responsible and to limit their activities and future access to the browser add on codes and functionality.

Even worse, illegitimate access to a plugin from Chrome can allow access to just about anything which takes place in the browser, including: traffic interception, keystroke recording and reading website content by enabling the malware-ridden software in the browser.

What can be done to limit the risks

Even though most developers managed to pull out and repair the hacked extensions, some such as the team behind the popular Copyfish app are still cautioning their millions of users worldwide that they are still not in control of their browser extension, and are working on getting it back and returning it back to its normal functioning. The team of developers has confessed that they do not have the proper access to stop the extension from functioning at this point.

Google has been working closely with the developers to help them get back their access to the Chrome browser extension in order to fix the damage and restore its original functioning.

Hopefully, the Internet giant and the world of browser add on developers will team up and work extensively to find those responsible and to limit future attacks and malicious interferences.





Share Button
Now you have the information you don't want to order. Guys check out our brand new video presentations

Leave your contact information we will contact you:

© 1998-2018 Toolbarstudio Inc. All rights reserved.
contact slider

All required fields are marked with *.