When Google released the first version of the Chrome browser back in 2008, it became an instant hit with web developers. Nearly a decade later, Chrome is the most popular browser in the world and millions of coders use it to design and test their creations every day. There are numerous reasons why devs love Chrome. One of those reasons: personalization.
The Chrome Web Store offers a massive selection of apps and extensions that let users customize their browsing experience. There are add-ons that simplify and improve all kinds of tasks, including web design and coding. One of the more popular ones is Chris Pederick’s, which is simply called Web Developer. It’s been installed more than a million times and has thousands of extremely positive reviews from its users… and that’s precisely why it was targeted by hackers this week.
Yesterday, Pederick announced on Twitter that he had fallen victim to a phishing attack. He unwittingly handed over his Google account credentials to the perpetrator, who promptly injected ad-serving code into the Web Developer extension. When the compromised version was uploaded to the Web Store, any of its users who were online were automatically infected.
It’s the second time in a week that Chrome users have been targeted by extension hijacks. The first, which I reported on Monday, involved an extension called CopyFish with around 30,000 installs. That attack may have been a test of sorts, intended to see how many fraudulent ad views could be pumped through before Google intervened and returned control of the extension to its rightful owners. With more than 30 times as many users, the Web Developer extension provided a massive audience for the hacker’s shady ad campaign.
Users of Web Developer were fortunate, however. According to Pederick there was only a three-hour window during which the adware-infected extension was being served. That limited the impact of the attack, though Pederick may be dealing with the aftermath for quite some time.
Hopefully other extension developers have been watching and are taking steps to ensure they don’t fall victim to similar phishing attacks… otherwise we may see a surge in high-profile Chrome extension hijacks.