web-developer-chrome
Chrome extension developer accounts hijacked via phishing
A coordinated phishing campaign impersonating the Chrome Web Store team tricked extension developers into surrendering credentials via fake Google login pages on Freshdesk and bit.ly URLs. The hijacked accounts were used to publish malicious updates that injected adware and overlaid ads on visited pages. Confirmed compromised extensions include Copyfish (2017-07-28), Web Developer (2017-08-01, ~1M users), Chrometana, Infinity New Tab, Web Paint, Social Fixer, TouchVPN, and Betternet. All malicious updates were delivered through the official Chrome Web Store.
- Date: 2017-07-28 to 2017-08-15
- Category: Commercial
- Target Surface: Distribution
- Insertion Phase: distribution
- Impact: Adware
- Cause: Phishing
What Was Affected
- Package: web-developer-chrome
- Language: javascript
- Component: Extension
- Artifact type: extension package
- Domain type: package host
- Domain: chromewebstore.google.com
Compromised Versions
- Copyfish 2.8.5
- Web Developer 0.4.9
- Chrometana 1.1.3
- Infinity New Tab 3.12.3
- Web Paint 1.2.1
- Social Fixer 20.1.1
Incident Context
- Motive: Financial gain
- Attribution: Cybercriminal
- Transitive: No
- User Impact: 1500000
- Observed Duration: 18 days
External References
Source Data
Source record: proprietary/web-developer-chrome/meta.yaml