Do we have a new vector for cybercriminal attacks? We are already accustomed to malware spreading through operating systems that have not been updated, and some of it manages to sneak into the official mobile app stores. This time, malware reached users through an update to the popular Web Developer extension, which is available in the Chrome Web Store. Over a million users use this plugin.

The cybercriminals used quite an interesting method of attack. Their efforts focused on Chris Pederick, the author of the Web Developer plugin. He fell victim to a phishing attack, and the cybercriminals gained control of his Google account. They then released a plugin update (version 0.4.9) that contained malicious code. Of course, Chrome automatically downloaded the update for millions of users and ran the malicious code. It seems that the cybercriminals limited their activity to displaying ads in order to earn money from additional clicks. The developer reacted very quickly and, after a few hours, released version 0.5.0 of the Web Developer extension with the malicious code removed. The attackers did not infect the plugin versions for other browsers, i.e. Firefox and Opera.

The developer of the Web Developer extension for Chrome apologized and admitted his mistake.

He did not use two-step verification to secure his Google account. Had he done so, the cybercriminals would not have been able to log in to the captured account. Chris Pederick has described everything on his blog. Interestingly, Google does not enforce additional security on extension authors. That is why they are a tempting target for criminals. A similar situation happened to the authors of the Copyfish plugin. In that case, the developers also described the whole story accurately. Perhaps after these events, Google will change its security policy.

Servers that provide updates are a pretty interesting vector for cyberattacks. The applications we install place unlimited trust in their update mechanisms. This strategy was used in the recent NotPetya attack. In that case, the attackers targeted the servers of the M.E.doc application, which is used in Ukraine for tax settlements. By replacing the update file, the criminals carried out one of the loudest cyberattacks of this year.

Source: The INQUIRER
