Chrome: eight hacked extensions serve malicious code

Six more Chrome extension developers discovered that their accounts had been compromised over the past four months, according to new evidence released yesterday by Proofpoint security researcher Kafeine.

Earlier this month, we reported on the hijacking of another Chrome extension (Copyfish). As in all of these cases, the attackers used phishing emails to trick developers into handing over the credentials for their Chrome developer accounts.

Security researcher Kafeine identified six additional Chrome extensions that were hijacked in the same way.

The list includes:

If you now add up the total installs of the eight extensions, you will see that the attackers managed to deliver their malicious code to approximately 4,8 users.

Google, on the other hand, has reportedly warned Chrome extension developers to be very wary of phishing efforts.

Google sent a warning two weeks ago, because in all of the above attacks phishing was the first step of the process.

Security investigator Kafeine analyzed the malicious code he found in some of the extensions and discovered that it was designed to perform the following functions:

  • Wait at least ten minutes after the extension is installed or updated
  • Retrieve a JavaScript file from a random DGA-generated domain
  • Collect aggregated credentials from the user's browser
  • Replace ads with ads provided by the malicious user
  • Most ad replacements come from adult portals
  • Display a pop-up alert notifying the user of an error and redirecting to other sites for more traffic
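One way a defender could hunt for the first two behaviours in the list above (a dormancy of at least ten minutes, then a script fetch from a domain the extension never used before), as an added example that is not taken from Kafeine's analysis. The log layout, extension IDs, hosts and timestamps are constructed for illustration.

```python
from datetime import datetime, timedelta
from urllib.parse import urlparse

MIN_DELAY = timedelta(minutes=10)  # dormancy period reported in the article

# Constructed sample data: hypothetical extension IDs, hosts and log layout.
UPDATES = {  # extension id -> time the latest version was installed
    "ext-aaaa": datetime(2017, 8, 1, 9, 0),
    "ext-bbbb": datetime(2017, 8, 1, 9, 0),
}
BASELINE = {  # hosts each extension contacted before that update
    "ext-aaaa": {"api.example.com"},
    "ext-bbbb": {"cdn.example.net"},
}
REQUESTS = [  # (timestamp, extension id, URL requested by the extension)
    (datetime(2017, 8, 1, 9, 1), "ext-aaaa", "https://api.example.com/config.json"),
    (datetime(2017, 8, 1, 9, 14), "ext-aaaa", "https://qzkxvbtr.example.org/ga.js"),
    (datetime(2017, 8, 1, 9, 2), "ext-bbbb", "https://cdn.example.net/lib.js"),
    (datetime(2017, 8, 1, 9, 30), "ext-bbbb", "https://cdn.example.net/lib.js"),
]


def flag_delayed_script_fetches(updates, baseline, requests, min_delay=MIN_DELAY):
    """Return (ext_id, host, delay) for each host an extension first contacted
    after its update, if that first contact fetched a .js file and happened
    min_delay or more after the update."""
    first_seen = {}
    for ts, ext, url in sorted(requests):
        updated = updates.get(ext)
        if updated is None or ts < updated:
            continue  # unknown extension, or request predates the update
        parsed = urlparse(url)
        host = parsed.hostname
        if host is None or host in baseline.get(ext, set()):
            continue  # host was already in use before the update
        if not parsed.path.lower().endswith(".js"):
            continue  # only script fetches are of interest here
        # Keep only the first contact with each new host.
        first_seen.setdefault((ext, host), ts - updated)
    return [(ext, host, delay)
            for (ext, host), delay in first_seen.items() if delay >= min_delay]


if __name__ == "__main__":
    for ext, host, delay in flag_delayed_script_fetches(UPDATES, BASELINE, REQUESTS):
        print(f"{ext}: first script fetch from new host {host} {delay} after update")
```

A hit is a lead for review rather than proof of compromise, since a legitimate update can also add a new script host.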

The phishing attacks, according to the researcher, took place in May 2017, and seem to be related to the infrastructure used by another malicious Chrome extension, which was discovered in June 2016.

This shows that the malicious users behind these attacks are well-versed in Chrome extensions and the Chrome Web Store, and will probably continue their attacks.


Written by giorgos
