Hack on popular Chrome plugin spams ads to one million users

The developer of a popular Chrome extension has warned users to update to the latest version after hackers were able to hijack the plugin to inject ads and potentially run malicious scripts on the browser.

Chris Pederick, author of the Web Developer for Chrome extension, alerted subscribers on Wednesday afternoon that he had fallen victim to a phishing scam that had scalped his admin credentials. Hackers were then able to update the extension to version 0.4.9 with a bundled script command and send it out to more than one million users.

Once installed on a user's browser, the extension would run JavaScript code to inject adverts into Chrome pages. Although it is thought this was the main purpose of the attack, the author admits it could have acted more maliciously, such as reading passwords entered into web fields, however there is currently no evidence of this happening.

Pederick kept a detailed account of the attack on his twitter feed, in which he has since urged users to update to v0.5 of the extension immediately. Although not every machine with the extension seems to have been affected, it is thought the hackers could have raked in a considerable amount in ad revenue during the short attack window.

The cause of the attack is thought to be a phishing email he received, which has also been tied to other attacks on web extensions. The Copyfish extension, which allows for image and video extraction from a web page, was also hit by a similar attack last weekend after receiving an email from someone claiming to be a member of the Google team.

The email, which is thought to be the same used against Pederick, described an issue with the extension that would result in it being taken offline, and directed the authors to a genuine looking ticket page, which tracked the progress of the issue.

Copyfish authors noted that an IP address was logged during the attack which suggests it came from a Macbook located somewhere in Russia.