Popular Chrome extensions hijacked by hackers in widespread cyberattack
Popular Chrome extensions hijacked by hackers in widespread cyberattack
Legitimate browser extensions were turned bad through malicious updates
a number of popular extensions that enable things like dark mode and adblocking in Google’s browser have been hijacked by hackers, putting 3.2 million Chrome users at risk.
While all of the extensions listed below have since been removed from the Chrome Web Store, you will still need to manually delete them if they’re currently installed in your browser
-
The extensions in question in case you can't access the article.
- Blipshot (one click full page screenshots)
- Emojis - Emoji Keyboard
- WAToolkit
- Color Changer for YouTube
- Video Effects for YouTube and Audio Enhancer
- Themes for Chrome and YouTube™ Picture in Picture
- Mike Adblock für Chrome | Chrome-Werbeblocker
- Page Refresh
- Wistia Video Downloader
- Super Dark Mode
- Emoji Keyboard Emojis for Chrome
- Adblocker for Chrome - NoAds
- Adblock for You
- Adblock for Chrome
- Nimble Capture
- KProxy
-
All of these already sound shady.
-
Some of them also sound pointless, e.g the emoji keyboards. I know for a fact windows, macos and chromeos have inbuild emoji selectors. On linux KDE also has an selector, idk about gnome but even if it doesn't have one there's probably a shell exstention for that, there's also an app called grin (or maybe smile? can't be bothered to google rn). I literally can't see a reason to use an web extension over those.
-
Blipshot (one click full page screenshots)
Emojis - Emoji Keyboard
WAToolkit
Color Changer for YouTube
Video Effects for YouTube and Audio Enhancer
Themes for Chrome and YouTube™ Picture in Picture
Mike Adblock für Chrome | Chrome-Werbeblocker
Page Refresh
Wistia Video Downloader
Super Dark Mode
Emoji Keyboard Emojis for Chrome
Adblocker for Chrome - NoAds
Adblock for You
Adblock for Chrome
Nimble Capture
KProxy
-
more likely they were less of a hijacked and more of a waited for enough people to use them and then proceed to the next stage of the plan.
-
We put so much important information/data through browsers (and smart phones for that matter), and it is becoming hard to trust third party code running on either. Trust in the publisher has become mandatory for me and the only browser plugin I run now is Bitwarden. Neither the app store operators nor the browser publishers seem to have an answer for reliably thwarting malicious actors. I don't know what the answer is, other than developing literacy in writing browser plugins and adding functionality through my own code.