Copyfish is a browser extension that extracts text from images, PDF documents, and videos; it currently has over 37,500 users.
However, recent reports indicate that attackers have hijacked the Chrome version of the extension and used it to distribute malicious code that puts user data at risk. The Firefox add-on remains unaffected and has not been compromised.
The attacker transferred the extension to their own account, so the developers could not remove the infected extension from the store even after they had detected the compromise.
Hacker infiltrates and controls Chrome extension to distribute malware
'At this point, this update behaves like typical adware, but because we can't control Copyfish anymore, the attacker may update the extension again... until we regain control,' developers warned. 'We can't even disable Copyfish because this extension is no longer in our developer account.'
How did the hacker gain control of the Copyfish extension?
Copyfish developers detected the attack on July 28th. According to a9t9, a member of the development team received a phishing email while using the Google Chrome browser; the email carried a notice to update Copyfish or have it removed from the online store.
The phishing email asked the member to click a "Click here to read more details" link, a bit.ly link that opened a fake Google password dialog. Because the member viewed the email in HTML format, the link looked unremarkable, and they proceeded to enter the team's account password.
Developers noted that the fake password screen closely resembled Google's interface. Since the fake screen appeared only once, the team could not capture a screenshot of it.
Once the team member had entered the account credentials, the attacker began the attack, pushing a malicious update, Copyfish version 2.8.5, on July 29th to distribute advertisements and spam to users.
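As an added illustration that is not part of the original report, the following Python script performs the kind of link inspection that would have exposed the message described above: it parses an HTML email body and flags anchors whose destination is a URL shortener, whose text is a generic call to action, or whose visible URL does not match its href. The sample email, the shortener list, the phrase list and the placeholder bit.ly path are all constructed for this example.

```python
# Flag deceptive links in an HTML e-mail body. Heuristics (constructed for this
# example): shortener hosts, generic "click here" text, mismatched visible URL.
from html.parser import HTMLParser
from urllib.parse import urlparse

SHORTENERS = {"bit.ly", "goo.gl", "tinyurl.com", "t.co"}
GENERIC_TEXT = ("click here", "read more", "update now")

class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(url):
    """Lower-cased hostname of a URL, or '' if it has none."""
    return (urlparse(url).hostname or "").lower()

def flag_links(html_body):
    """Return [(href, text, reasons)] for anchors that look deceptive."""
    parser = _LinkCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        reasons = []
        if host(href) in SHORTENERS:
            reasons.append("shortener hides destination")
        if text.lower().startswith(GENERIC_TEXT):
            reasons.append("generic call-to-action text")
        if text.startswith(("http://", "https://")) and host(text) != host(href):
            reasons.append("visible URL differs from href")
        if reasons:
            findings.append((href, text, reasons))
    return findings

# Constructed sample modelled on the message described in the article.
SAMPLE = """<p>Update Copyfish now or it will be removed from the store.</p>
<a href="https://bit.ly/EXAMPLE-PLACEHOLDER">Click here to read more details</a>
<a href="https://chrome.google.com/webstore">https://chrome.google.com/webstore</a>"""
```

Running `flag_links(SAMPLE)` reports only the bit.ly anchor, for both the shortener and the generic call-to-action text; the Web Store link, whose visible text matches its real destination, is left alone.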
Although the development team quickly detected the issue, they could not intervene because the attacker had transferred the extension to their own account.
a9t9 has reached out to Google's developer support team, and both are working to return control of the extension to a9t9.
Furthermore, a9t9 warns users that the Copyfish Chrome extension is not under their control. Therefore, users who have Copyfish installed should remove the add-on from Chrome immediately.
