Scammers Target Google Chrome Extension Developers

Liviu ARSENE

October 01, 2018

A recent phishing campaign targeting Chrome extension developers aims to trick them into giving away usernames and passwords that hackers can use to tamper with legitimate extensions.

In an attempt to collect developers’ Google account passwords, hackers have been emailing Chrome extension developers from an address that purports to belong to a Google employee. Posing as Kevin Murphy (dev-support@webstoredevsupport[.]com), part of the Chrome Web Store Team, scammers tried to get developers to fill in a Google Form with a valid postal address, as a means of validating their accounts.

However, on clicking the URL, victims were directed to a webpage that prompted for Google account credentials and were then redirected to a cloned Google account login page, which allowed attackers to harvest usernames and passwords.

For the trained eye, the “https://login.chromewebstoresupport[.]com” URL hosting the Google account login page would have been enough to spot a fake, but it’s difficult to estimate just how many developers actually fell for it.
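The host check a trained eye performs on the sender address and login URL above can be automated in a mail or link filter. The following Python sketch is an added example, not code from the article or from Google; the trusted-domain list, the brand tokens and the two samples marked as constructed are assumptions.

```python
from urllib.parse import urlsplit

# Assumption: the only registrable domain accepted for Google sign-in links and mail.
TRUSTED_DOMAINS = {"google.com"}
# Assumption: brand strings a Chrome Web Store lure is likely to embed in a hostname.
BRAND_TOKENS = ("google", "chromewebstore", "webstore")


def refang(indicator: str) -> str:
    """Undo the defanging used in reports ('[.]' and 'hxxp')."""
    return indicator.replace("[.]", ".").replace("hxxp", "http")


def host_of(indicator: str) -> str:
    """Return the lowercase host of a URL, or the domain part of an email address."""
    value = refang(indicator.strip())
    if "://" in value:
        host = urlsplit(value).hostname or ""
    else:
        host = value.rsplit("@", 1)[-1]
    return host.lower().rstrip(".")


def is_trusted(host: str) -> bool:
    """True only for a trusted domain itself or a genuine subdomain of it."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def classify(indicator: str) -> str:
    """Label an indicator 'trusted', 'lookalike' or 'unrelated'."""
    host = host_of(indicator)
    if is_trusted(host):
        return "trusted"
    # Drop separators so 'chrome-web-store' style hosts still match a brand token.
    squashed = host.replace("-", "").replace(".", "")
    if any(token in squashed for token in BRAND_TOKENS):
        return "lookalike"
    return "unrelated"


# The two indicators quoted in the article, plus two constructed samples.
SAMPLES = [
    "dev-support@webstoredevsupport[.]com",
    "https://login.chromewebstoresupport[.]com",
    "https://accounts.google.com/signin",  # constructed
    "https://mail.example.org/inbox",      # constructed
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{classify(sample):9}  {sample}")
```

Matching on the end of the hostname, not on whether a brand name appears somewhere in it, is what separates a real Google host from the two domains used in this campaign.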

As a rule, Google has never used Google Forms to handle account information. Any emails purporting to be from Google and requiring some sort of form completion should be treated as phishing attempts and reported.

While some developers came forward and admitted to having fallen victim during previous campaigns, it’s probably going to be a while before individual developer blog posts recounting the story show up.

It’s likely the stolen credentials will be used by hackers to tamper with legitimate Chrome extensions and weaponize them with malicious code, either to exfiltrate data from users or to download additional malware.

While this is not the most sophisticated phishing campaign, such campaigns often prey on a sense of urgency in order to trick victims into clicking on hyperlinks and inputting sensitive data.

Developers who believe they have been affected by the campaign are encouraged to start auditing their applications and to remove any suspicious or unknown code they find.