Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 18 submissions in the queue.

Chrome Extension Developers Under a Barrage of Phishing Attacks

posted by martyb on Sunday August 13 2017, @01:59PM   Printer-friendly
from the why-not-block-the-spam? dept.

Fnord666 writes:

Google's security team has sent out warnings via email to Chrome extension developers after many of them have been the targets of phishing attacks, some of which have been successful and resulted in crooks taking over extensions.

These phishing attacks have come into the limelight this past week when phishers managed to compromise the developer accounts for two very popular Chrome extensions — Copyfish and Web Developer.

The phishers used access to these developer accounts to insert adware code inside the extensions and push out a malicious update that overlaid ads on top of web pages users were navigating.

According to new information obtained by Bleeping Computer, these attacks started over two months ago and had been silently going on without anyone noticing.

All phishing emails contained the same lure — someone posing as Google was informing extension developers that their add-on broke Chrome Web Store rules and needed to be updated.

The extension developer was lured onto a site to view what was the problem and possibly update the extension. Before seeing the alert, the site asked extension developers to log in with their Google developer account, a natural step when accessing a secure backend.

The login page was identical to the real Google account login page, and this is how the owners of the Copyfish and Web Developer extensions compromised their accounts.

Source:

https://www.bleepingcomputer.com/news/security/chrome-extension-developers-under-a-barrage-of-phishing-attacks/

Original Submission

 
This discussion has been archived. No new comments can be posted.
Chrome Extension Developers Under a Barrage of Phishing Attacks | Log In/Create an Account | Top | 14 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 5, Informative) by fyngyrz on Sunday August 13 2017, @02:14PM (2 children)

    by fyngyrz (6567) on Sunday August 13 2017, @02:14PM (#553265) Journal

    Never go anywhere an email directs you. If something appears to come from Google, you go to the known related Google site directly and get after whatever it is using the provided tools. Likewise Amazon, etc., etc., etc.

    The converse is also true: If you want people to visit your site, then just say come to our website and click. Don't put links in email. You're just enabling the black hats when you do that. Which makes you complicit.

    I find it absolutely mind-blowing that a "developer" today - on either end of the process - would not know and incorporate this extremely basic, and absolutely critical, security boilerplate.

    Starting Score:    1  point
    Moderation   +3  
       Insightful=1, Informative=2, Total=3
    Extra 'Informative' Modifier   0  
    Karma-Bonus Modifier   +1  
    Total Score:   5  

  • (Score: 2, Touché) by Anonymous Coward on Sunday August 13 2017, @03:09PM

    by Anonymous Coward on Sunday August 13 2017, @03:09PM (#553276)

    You're dealing with web developers here, they aren't as much engineers/programmers as they are marketing/accountant types that realized they chose the wrong career so they jumped ship on the web 2.0/moBILE gold rush.

  • (Score: 3, Informative) by Arik on Sunday August 13 2017, @07:20PM

    by Arik (4543) on Sunday August 13 2017, @07:20PM (#553335) Journal
    Probably >99% of these scams rely on email being parsed as HTML (and generously, at that) so this is yet another case of broken-by-design coming back to bite the user in the arse.
    --
    If laughter is the best medicine, who are the best doctors?