Hackers hijack Chrome extension to force ads over 30,000 users


Hackers launched a cyber attack on Copyfish translation plug-in to force ads on 30,000 users. But Google’s in-house developers took a note of this nefarious activity on time and succeeded in disrupting these attacks just hours after being publicized.

As per the sources reporting to our Cybersecurity Insiders, the hackers plan began with a message sent to the developers of Copyfish. The message was masqueraded as an urgent notice issued by Google. And ended with a message that the developers of Copyfish have to act on it on an immediate note, otherwise, the chrome extension will be removed from the Chrome Web Store.

A person from the team of Copyfish developers became a victim of this activity of “Clickjacking”. He was in fact led to a phishing page that was disguised as a Google support portal. And as soon as the password to the Copyfish extension account was typed in, the hacker immediately acted and locked the developers’ team of Copyfish from further access by changing the password.

Then a malicious Chrome extension mimicking Copyfish was updated onto the Chrome web store which contained numerous ads. It was actually a poisoned version of extension doctored to slam Copyfish.

As Chrome updates the latest version of extensions from the store on an automated note, all the 30K users of the extension started using the malicious version.

However, as soon as the Copyfish developers learned about this activity, they immediately notified the in-house developers of Google and thus the malicious version of the extension was pulled down after a 2 hours operation.

The Copyfish developers immediately replaced the nefarious version with the original software and breathed a sigh of relief.

Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display