Over 1M users download malicious Chrome extension
Chris Pederick, the creator of the Chrome extension Web Developer, was recently phished. The cyber criminals effectively breached Pederick’s Google account, which was tied to the app. Therefore, the cyber criminals were able to access the app and make any changes they wanted. After doing just that, the hackers pushed out a new “updated version” of Web Developer. It is believed, most of the changes included the ability to distribute spam ads to different webpages users visit. Beyond spamming users, additional concerns have been raised as well. Express reported,
“…the Chrome plugin has access to almost everything that takes place within users’ web browser – enabling the malware-ridden software to read website content, intercept traffic, record keystrokes, and more.”
The malicious update was available for six hours before it was pulled from the Chrome Web Store. Since, Pederick has fixed the issue, and has released an updated version of the app. Therefore, all users of Web Developer are advised to update to the 0.5 version immediately.