Chrome Extension Attacks PSA From Wordfence

If you are using Google Chrome as your primary browser…this article is for you. Wordfence published this info back on August 17th:

This is a public service announcement from the Wordfence team regarding a security issue that has a wide impact. During the past 3 months, eight Chrome browser extensions were compromised and the attacker used them to steal Cloudflare credentials and serve up malicious ads.

This post discusses exactly what happened, how to protect yourself and what the wider implications are of this supply chain attack.

How the Chrome Extensions Were Compromised

In June, July and August, developers of the following Chrome extensions had their login credentials stolen through a phishing attack. The extensions affected are:

  • Web Developer – Version 0.4.9 affected
  • Chrometana – Version 1.1.3 affected
  • Infinity New Tab – Version 3.12.3 affected
  • CopyFish – Version 2.8.5 affected
  • Web Paint – Version 1.2.1 affected
  • Social Fixer – Version 20.1.1 affected
  • TouchVPN appears to have been affected but the version is unclear
  • Betternet VPN also appears to have been affected but no version was provided

Based on total installs for these extensions, the attackers targeted a total of 4.8 million users. The developers of these Chrome extensions all had their account credentials compromised. They received an email that looked like this:

The link in the email used the bit.ly URL shortener to redirect the developer to a fake login page which harvested their credentials and allowed the malicious actor to take control of the Chrome extension developer’s account.

Here is some additional useful info to know:

How to Protect Yourself

1. Even the Pros get Phished

Lesson number one from this attack is that, as we have reported in the past, even those of us who are seasoned online professionals can fall victim to a phishing or spear phishing attack. Make absolutely sure that if you receive an email, you verify the origin and think before you click or download.

  1. Never click on a link if you don’t recognize a sender.
  2. Never click a link in an email and sign in to a service. Instead, if you are presented with a sign-in page, go back to the email and look at the email sender including their domain and look at the URL of the link you clicked very carefully.
  3. Never download an attachment in an email and open it unless you verify the sender. Even then, consider asking your sender to use a service like Google Docs that doesn’t require you to download attachments.

2. Get rid of browser extensions you don’t need

Lesson two is that browser extensions sometimes get hacked. When they do, it can be a catastrophe for you. If you don’t absolutely have to have a browser extension, get rid of it.

Alternatively, deactivate extensions until you need them. Then activate them, use the extension and deactivate it again. This isn’t ideal, but it will reduce your risk if an extension is compromised for a few days.

That screenshot utility? If you don’t use it daily, dump it. That quote-of-the-day extension? Ditch it if you don’t need it.

In 2010, Chrome hit 10,000 extensions. Today, 7 years later, they probably have well over 100,000 extensions available for the Chrome browser. That many extensions create a large attack surface for malicious actors. Make sure you minimize your risk by removing those you don’t use.
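To check a machine against the list of affected extensions above, the following added example (not from Wordfence or from this post) walks a Chrome profile's Extensions folder and compares each installed build with the names and versions in the PSA. It assumes Chrome's usual on-disk layout of Extensions/<id>/<version>/manifest.json, and it matches by a substring of the extension's display name, which is an assumption because the PSA gives no extension IDs.

```python
import json
import sys
from pathlib import Path

# Names and versions as listed in the PSA above; None = no version was given.
# Assumption: matching is by case-insensitive substring of the display name.
AFFECTED = {
    "web developer": "0.4.9", "chrometana": "1.1.3", "infinity new tab": "3.12.3",
    "copyfish": "2.8.5", "web paint": "1.2.1", "social fixer": "20.1.1",
    "touchvpn": None, "betternet": None,
}

def load_json(path):
    """Read a JSON file (tolerating a BOM); return {} if missing or invalid."""
    try:
        data = json.loads(Path(path).read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):
        return {}
    return data if isinstance(data, dict) else {}

def display_name(ext_dir, manifest):
    """Resolve a localized '__MSG_key__' name through _locales/<default_locale>."""
    name = str(manifest.get("name", ""))
    if name.startswith("__MSG_") and name.endswith("__"):
        key = name[6:-2].lower()
        locale = str(manifest.get("default_locale", "en"))
        messages = load_json(ext_dir / "_locales" / locale / "messages.json")
        for k, v in messages.items():
            if k.lower() == key and isinstance(v, dict):
                return str(v.get("message", name))
    return name

def audit(extensions_root):
    """Return (name, version, verdict) for installed builds whose name is listed."""
    findings = []
    for path in sorted(Path(extensions_root).glob("*/*/manifest.json")):
        manifest = load_json(path)
        name = display_name(path.parent, manifest)
        version = str(manifest.get("version", ""))
        for needle, bad in AFFECTED.items():
            if needle in name.lower():
                verdict = ("review: no version given in the PSA" if bad is None
                           else "AFFECTED" if version == bad
                           else "listed name, different version")
                findings.append((name, version, verdict))
    return findings

if __name__ == "__main__":
    for finding in audit(sys.argv[1]):
        print(*finding, sep=" | ")
```

Run it with the path to the profile's Extensions directory as the only argument. A "listed name, different version" result means the installed build is not the one named in the PSA, not that the extension has been cleared.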

There is more to this article…read the full blog post here: https://www.wordfence.com/blog/2017/08/chrome-browser-extension-attacks/?utm_content=buffer874cd&utm_medium=social&utm_source=facebook.com&utm_campaign=buffer

I can tell you that I have disabled all of my extensions on Chrome. Better safe than sorry.

Have a great weekend.

Scott E
