Within the last 4 weeks, several Google Chrome web browser Extensions have been compromised and modified to perform malicious activities to users.
Two weeks ago, some hackers compromised the Chrome Web Store account of a developer and hijacked the Copyfish extension and then used it to distribute spam to its users.
Not too long after the Copyfish incident, another group of hackers hijacked another popular Chrome extension called Web Developer, a tool that offers web development and then modified it to inject advertisement into the web browser of its user number over a million. Web Developer
According to Proofpoint researcher Kafeine, the hackers involved in the hack gained access to the developers' Google web accounts via phishing emails with malicious links to steal account credentials.
The security vendor identified the below Chrome ad-ons as those that were compromised:
1. CopyFish (2.8.5)
2. Chrometana (1.1.3)
3. Infinity New Tab (3.12.3)
4. Web Paint (1.2.1)
5. Social Fixer (20.1.1)
The security vendor also believes that Chrome VPN ad-ons; TouchVPN and Betternet VPN were compromised in June the same way.
Proofpoint explained that once the hacker(s) successfully gained access to the account of the developer, the hacker(s) would either inject malicious codes into the extension(s) to perform malicious tasks or they would add malicious JavaScript code into the ad-on and expose users to fake ads in order to steal their passwords and credentials.
CopyFish extension suffered a worse fate than those that Proofpoint mentioned, the hackers that compromised CopyFish moved the whole extension to one of its developers account so as to prevent the makers of the software from removing the infected extension from the Chrome store.