Skip to Content
Security & privacy

Watch out! 7 MORE Google Chrome extensions hijacked by malware

Google’s Chrome browser is one of the most popular in the world. One reason it’s so well liked is that it’s easy to customize, thanks to add-on extensions. These are features that modify or enhance your browser experience.

Unfortunately, some of these extensions are under attack by hackers. Keep reading to see a list of those that have been impacted.

Hackers taking control of Chrome extensions

What’s happening is, hackers are sending phishing emails to employees who work for extension publishing companies. The email is purportedly sent from Google, telling the publishing company that its extension needs to be updated immediately or it will be removed from the Chrome Web Store. The message contains a link that reads, “Click here to read more details.”

That link is actually malicious. If the employee falls for the ruse and clicks the link, they are sent to a spoofed Google sign-in page. There, they are asked to enter the credentials to the developer’s account.

This scam was originally discovered a couple weeks ago when developers of the CopyFish extension were successfully targeted. The day after an employee handed over the company’s credentials, the extension was updated, and not by the developer.

Instead, it was updated by the cybercriminals behind the phishing email. The updated version of CopyFish began inserting ads/spam into websites. The developers couldn’t stop it because the scammers took control of the account and blocked them from accessing it.

Now, there are seven more extensions that have been hit by this same attack. Here’s the list of impacted extensions:

  1. Betternet VPN
  2. Chrometana (1.1.3)
  3. CopyFish (2.8.5)
  4. Infinity New Tab (3.12.3)
  5. Social Fixer (20.1.1)
  6. TouchVPN 
  7. Web Developer (0.4.9)
  8. Web Paint (1.2.1)

This incident magnifies how serious of a threat phishing attacks are. Keep reading for some suggestions on how to stay protected.

How to protect against phishing attacks:

More stories you can’t miss:

How to see if your computer needs a security patch

Test your firewall to make sure it’s working

Nasty Locky ransomware is back, and now it’s worse than ever

Komando Community background

Join the Komando Community

Get even more know-how in the Komando Community! Here, you can enjoy The Kim Komando Show on your schedule, read Kim's eBooks for free, ask your tech questions in the Forum — and so much more.

Try it for 30 days