Dubbed Copyfish, the extension allows users to extract text from images, PDF documents together with video, together with has to a greater extent than than 37,500 users.
Unfortunately, the Chrome extension of Copyfish has been hijacked together with compromised yesteryear unopen to unknown attacker, who equipped the extension amongst promotion injection capabilities. However, its Firefox counterpart was non affected yesteryear the attack.
The attackers fifty-fifty moved the extension to their developer account, preventing its developers from removing the infected extension from the store, fifty-fifty later beingness spotted that the extension has been compromised.
"So far, the update looks similar criterion adware hack, but, every bit nosotros even together with thus conduct maintain no command over Copyfish, the thieves mightiness update the extension unopen to other time… until nosotros become it back," the developers warned. "We tin give the sack non fifty-fifty disable it—as it is no longer inwards our developer account."
Here's How the Hackers Hijacked the Extension:
According to a9t9 software, 1 of its squad members received a phishing electronic mail impersonating the Chrome Web Store squad that said them to update their Copyfish Chrome extension; otherwise, Google would take it from the spider web store.
The phishing electronic mail instructed the fellow member to click on "Click hither to read to a greater extent than details," which opened the "Google" password dialogue box.
The provided link was a bit.ly link, but since the squad fellow member was viewing the link inwards HTML form, he did non notice it at nowadays suspicious together with entered the password for their developer account.
The developers said the password concealment looked most precisely the 1 used yesteryear Google. Although the squad did non conduct maintain whatsoever screenshot of the simulated password page every bit it appeared exclusively once, it did conduct maintain a screenshot of the initial phishing electronic mail together with its reply.
"This looked legit to the squad member, together with thus nosotros did non notice the [phishing] assault every bit such at this point. [Phishing] for Chrome extensions was just non on our radar screen," the developers said.
Once the developer entered the credentials for a9t9 software’s developer account, the hackers behind the assault updated the Copyfish extension on 29 July to Version 2.8.5, which is pushing out spams together with advertisements to its users.
The worst business office comes inwards when the Copyfish makers noticed the number rattling quickly, but they could non exercise anything because the hackers moved the extension to their developer account.
The software companionship contacted Google developer support, which is currently working to render the companionship access to their software.
The a9t9 software is alert users that the Chrome extension for Copyfish is currently non nether its control. So, users are advised non to install the malicious Chrome extension together with remove, if they conduct maintain already installed.
