Over the past few years, browser extensions have repeatedly been hijacked by spammers and cyber criminals, and this might be on the rise. A few days ago, the popular Chrome extension Copyfish was hijacked by attackers who equipped it with ad-injection capabilities to distribute spam to its users. The most recent attack was made against another popular extension: Web Developer, which has more than one million users. Similarly, the unknown attackers were able to update the software to inject advertisements directly into the web browsers of unsuspecting users.
In both cases, the spammers obtained access to the extensions through phishing. Chris Pederick, the creator of Web Developer, warned on Twitter that attackers had phished his Google account and then updated the extension to version 0.4.9, which was pushed to over one million users. It is important to note, however, that in both cases the Firefox version of the extension was unaffected. All users of Web Developer are advised to update their extension to version 0.5 immediately. Also, anyone who had Web Developer, Copyfish, or any other compromised extension installed is strongly recommended to change the passwords for all web accounts, and to invalidate login tokens and cookies used on websites visited while the infected extension was in use.
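To act on the update advice above, a defender first needs to know which version is actually on disk. The following Python script is an added example, not part of the original article: it walks a Chrome profile's `Extensions` directory and reports any installed copy of Web Developer at version 0.4.9. The function names, the name-based matching and the `<extension id>/<version dir>/manifest.json` layout are assumptions of this example.

```python
import json
import sys
from pathlib import Path

# Version the article names as malicious. Matching on the display name is an
# assumption of this example; extension IDs would be more precise.
COMPROMISED = {"Web Developer": {"0.4.9"}}


def display_name(version_dir, manifest):
    """Resolve the manifest name, following a __MSG_key__ locale placeholder."""
    name = str(manifest.get("name", ""))
    if not (name.startswith("__MSG_") and name.endswith("__")):
        return name
    key = name[6:-2].lower()  # message keys are case-insensitive
    locale = manifest.get("default_locale", "en")
    path = version_dir / "_locales" / str(locale) / "messages.json"
    try:
        messages = json.loads(path.read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):
        return name  # keep the placeholder if the locale file is unusable
    if isinstance(messages, dict):
        for k, v in messages.items():
            if k.lower() == key and isinstance(v, dict):
                return str(v.get("message", name))
    return name


def find_compromised(extensions_root):
    """Return sorted (extension id, name, version) tuples on the denylist.

    Expects the layout <root>/<extension id>/<version dir>/manifest.json.
    """
    hits = []
    for manifest_path in sorted(Path(extensions_root).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it
        if not isinstance(manifest, dict):
            continue
        name = display_name(manifest_path.parent, manifest)
        if str(manifest.get("version", "")) in COMPROMISED.get(name, set()):
            hits.append((manifest_path.parents[1].name, name, str(manifest["version"])))
    return hits


if __name__ == "__main__":
    for root in sys.argv[1:]:  # pass the profile's Extensions directory
        for hit in find_compromised(root):
            print("compromised:", *hit)
```

A hit means the malicious build ran in that profile, so the password and session resets recommended above apply to it even after the extension has been updated.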