A Popular Chrome Extension Hijacked to Push Malware

An attacker recently hijacked a Google Chrome extension by compromising the Chrome Web Store account of a developer team from Germany.

The extension, called Copyfish, lets users extract text from images, PDF documents and video. It has more than 37,500 users.

However, the extension has been hijacked and compromised by an unknown hacker, who equipped it with advertisement-injection capabilities. The Firefox version is not infected and is safe to use.

The hacker also moved the extension to their own account, which prevents its developers from removing the infected extension from the store.

“So far, the update looks like standard adware hack, but, as we still have no control over Copyfish, the thieves might update the extension another time… until we get it back,” the developers warned.

“We can not even disable it—as it is no longer in our developer account.”


How the Hacker Hijacked the Extension:

The developers traced the hack back to a phishing attack that happened on 28 July.

According to them, one of the team members received a phishing email that told them to update their Copyfish Chrome extension or Google could remove it from the store.

The email instructed the member to click on “Click here to read more details”, which opened a fake Google login page.

The link behind that text was a bit.ly link, but since he was viewing it in HTML form, he didn’t find it suspicious and entered the password for their developer account.
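The hidden shortener link described above can be surfaced before anyone clicks. As an added example (not from the original article or from the Copyfish developers), this Python code lists the links in an HTML mail body whose target is a URL shortener or whose visible text does not show the destination host; the shortener list and the sample mail are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed shortener hosts to flag (only bit.ly is named in the article).
SHORTENERS = {"bit.ly", "goo.gl", "tinyurl.com", "t.co", "ow.ly"}

# Constructed sample mail body; the bit.ly path is a placeholder.
SAMPLE_MAIL = """
<p>Your Chrome extension must be updated or it will be removed.</p>
<p><a href="https://bit.ly/EXAMPLE">Click here to read more details</a></p>
<p>Store: <a href="https://chrome.google.com/webstore">chrome.google.com/webstore</a></p>
"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit_links(html_body):
    """Return links whose real destination is not visible to the reader."""
    collector = LinkCollector()
    collector.feed(html_body)
    findings = []
    for href, text in collector.links:
        host = urlparse(href).hostname or ""
        reasons = []
        if host in SHORTENERS:
            reasons.append("URL shortener hides the final destination")
        if host and host not in text.lower():
            reasons.append("visible text does not show the link host")
        if reasons:
            findings.append({"href": href, "text": text, "reasons": reasons})
    return findings

if __name__ == "__main__":
    for finding in audit_links(SAMPLE_MAIL):
        print(finding["href"], "|", finding["text"], "|", "; ".join(finding["reasons"]))
```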

Once the developer entered the credentials for a9t9 software’s developer account, the hacker behind the attack updated the Copyfish extension on 29 July to version 2.8.5, which has been pushing out spam and advertisements to its users.

The company has already contacted Google Developer support, which is currently working to give the company access to its software again.

The developers are also warning their users that the Chrome extension for Copyfish is currently not under their control; users are advised not to install the malicious Chrome extension and to remove it if they have already installed it.

