Chrome Extension Attacks Target Site Owners
PSA: 4.8 Million Affected by Chrome Extension Attacks Targeting Site Owners
Wordfence.com
August 17, 2017
In June, July and August, developers of the following Chrome extensions had their login credentials stolen through a phishing attack. The extensions affected are:
- Web Developer – Versions 0.4.9 affected
- Chrometana – Version 1.1.3 affected
- Infinity New Tab – Version 3.12.3 affected
- CopyFish – Version 2.8.5 affected
- Web Paint – Version 1.2.1 affected
- Social Fixer 20.1.1 affected
- TouchVPN appears to have been affected but the version is unclear
- Betternet VPN also appears to have been affected but no version was provided
Based on total installs for these extensions, the attackers targeted a total of 4.8 million users. The developers of these Chrome extensions all had their account credentials compromised….
Once the attackers had access to modify the code in these Chrome extensions and release new code, they made a change that injected their own malicious Javascript into the extensions….
The code injects Javascript from the attacker’s own domain into the victim’s browser. The victim here is someone who is using the Chrome web browser and has one of these extensions installed.
This allows an attacker to perform any action as the victim. This includes accessing any website the victim is signed into and modifying the content of any web page that the victim views. Once an attacker has control of one of your Chrome extensions, they own your web browser.
Leave a comment