Chrome extensions under attack, more than 5 million users at risk

A mysterious group of hackers would have been able with phishing emails to obtain the login credentials of some extensions and compromise them

Browser extensions are very useful, but sometimes they can also pose a danger to users' data. According to what emerges in the last few hours, hackers have compromised some of the add-ons available for Google Chrome, putting almost 5 million users at risk.

The worrying breach was reported by Kafeine, a researcher at Proofpoint, a well-known company expert in cybersecurity solutions. From the news, it seems that the cybercriminals - whose name at the moment remains shrouded in mystery - were able to trick the developers of the stormed extensions, using phishing emails. With the obtained data, the hackers would then insert the malicious code into the involved add-ons. This is the second case in a few weeks, which brings the number of breached extensions to 8. And always using, it seems, the same wicked ploy.

The risks for users

The breaches are worrying because users who have downloaded the modified add-ons risk that some of their personal data will end up in the hands of hackers. In particular, through the compromised extensions, hackers could get hold of victims' credentials. And that's not all. Altered applications would be able to replace legitimate advertisements with dangerous, unsolicited banners chosen by cyber criminals. In addition, the accused extensions could display error pop-ups, which, if opened, would redirect users to other malicious sites.

The compromised extensions

As mentioned, there are currently 8 compromised extensions. The list includes: Copyfish, the first one to be detected, Chrometanta 1.1.3, Web Paint 1.2.1, Social Fixer 20.1.1, Infinity New Tab 3.12.3, Web Developer 0.4.9 and also Touch VPN and Betternet VPN.

How the hackers affected

The method used by the hackers responsible for the breaches is phishing. Developers of Chrome extensions allegedly received an email. Through the deceptive message, cyber criminals would have been able to obtain the applications' login credentials. Then, the authors of the compromise would have altered the source code of the extensions, inserting parts of malicious code inside.