SoylentNews is people

posted by Fnord666 on Tuesday August 01 2017, @12:37AM
from the auto-updates-and-weak-security dept.

gHacks reports

The makers of the popular Chrome and Firefox extension Copyfish [which does optical character recognition (OCR) and language translation] announced yesterday that the Chrome version of the extension was hijacked.

[...] an attacker managed to steal the Google password of a team member using phishing on July 28th, 2017.

[...] The Chrome extension was [then] updated to version 2.8.5 [...] the next day, something that the company did not realize directly. The attacker, who held the password and email address for the developer account, pushed a manipulated extension to the Chrome store.

Since Chrome [extensions] update automatically without user interaction, the majority of users of the extension received the updated version.

[...] Reports began to come in on July 30, 2017 that Copyfish for Chrome was displaying ads and spam on websites.

[...] [The Copyfish developers have] no access to the extension at this point in time. They cannot update it, and the attackers may push out another version of the extension to the userbase. Since Chrome extensions update automatically, it can only be prevented by removing the extension for Chrome for the time being.

[...] This is done by loading chrome://extensions/ in the browser's address bar and activating the trash icon next to the extension.

Additional coverage at BleepingComputer and Forbes
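
An added example (not part of the gHacks article or any Copyfish code): a Python audit that walks a Chrome profile's `Extensions` directory and flags an installed Copyfish at the hijacked version 2.8.5 named above. Matching on the extension's display name is an assumption, since the article gives no extension ID; the function names are hypothetical.

```python
import json
import sys
from pathlib import Path

# From the article: the hijacked Chrome build of Copyfish was version 2.8.5.
# Matching on the display name is an assumption; the article gives no extension ID.
FLAGGED = {"copyfish": {"2.8.5"}}


def load_json(path):
    """Parse a JSON file; return {} if it is unreadable, malformed or not an object."""
    try:
        data = json.loads(path.read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):
        return {}
    return data if isinstance(data, dict) else {}


def display_name(ext_dir, manifest):
    """Resolve the manifest name, following a __MSG_key__ locale placeholder."""
    name = str(manifest.get("name", ""))
    if name.startswith("__MSG_") and name.endswith("__"):
        key = name[6:-2].lower()  # message keys are case-insensitive
        locale = str(manifest.get("default_locale", "en"))
        messages = load_json(ext_dir / "_locales" / locale / "messages.json")
        for k, v in messages.items():
            if k.lower() == key and isinstance(v, dict):
                return str(v.get("message", name))
    return name


def scan_extensions(extensions_root):
    """Return a record for each installed extension version listed in FLAGGED."""
    hits = []
    # On-disk layout: <Extensions>/<extension id>/<version>_<n>/manifest.json
    for manifest_path in sorted(Path(extensions_root).glob("*/*/manifest.json")):
        ext_dir = manifest_path.parent
        manifest = load_json(manifest_path)
        name = display_name(ext_dir, manifest)
        version = str(manifest.get("version", ""))
        for needle, bad_versions in FLAGGED.items():
            if needle in name.lower() and version in bad_versions:
                hits.append({"id": ext_dir.parent.name, "name": name,
                             "version": version, "path": str(ext_dir)})
    return hits


if __name__ == "__main__":
    for hit in scan_extensions(sys.argv[1]):
        print("FLAGGED {name} {version} id={id} at {path}".format(**hit))
```

Run it with the path to a profile's `Extensions` directory as the only argument.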


  • (Score: 0) by Anonymous Coward on Tuesday August 01 2017, @12:57AM (#547458)

    L00k at the eL33tist