5mo ago

Popular Chrome extensions hijacked by hackers in widespread cyberattack

www.tomsguide.com

Popular Chrome extensions hijacked by hackers in widespread cyberattack — 3.2 million at risk

a number of popular extensions that enable things like dark mode and adblocking in Google’s browser have been hijacked by hackers, putting 3.2 million Chrome users at risk.

While all of the extensions listed below have since been removed from the Chrome Web Store, you will still need to manually delete them if they’re currently installed in your browser

12 comments

The extensions in question in case you can't access the article.
Blipshot (one click full page screenshots)
Emojis - Emoji Keyboard
WAToolkit
Color Changer for YouTube
Video Effects for YouTube and Audio Enhancer
Themes for Chrome and YouTube™ Picture in Picture
Mike Adblock für Chrome | Chrome-Werbeblocker
Page Refresh
Wistia Video Downloader
Super Dark Mode
Emoji Keyboard Emojis for Chrome
Adblocker for Chrome - NoAds
Adblock for You
Adblock for Chrome
Nimble Capture
KProxy
- All of these already sound shady.
  
  I had the "Page Refresh" one... disabled, but still installed. There are multiple "[Auto] [Easy] Page/Tab Refresh/Reload" extensions in the store, hard to pick one that won't go rogue.
  
  Some of them also sound pointless, e.g the emoji keyboards. I know for a fact windows, macos and chromeos have inbuild emoji selectors. On linux KDE also has an selector, idk about gnome but even if it doesn't have one there's probably a shell exstention for that, there's also an app called grin (or maybe smile? can't be bothered to google rn). I literally can't see a reason to use an web extension over those.
Blipshot (one click full page screenshots)
Emojis - Emoji Keyboard
WAToolkit
Color Changer for YouTube
Video Effects for YouTube and Audio Enhancer
Themes for Chrome and YouTube™ Picture in Picture
Mike Adblock für Chrome | Chrome-Werbeblocker
Page Refresh
Wistia Video Downloader
Super Dark Mode
Emoji Keyboard Emojis for Chrome
Adblocker for Chrome - NoAds
Adblock for You
Adblock for Chrome
Nimble Capture
KProxy
more likely they were less of a hijacked and more of a waited for enough people to use them and then proceed to the next stage of the plan.
We put so much important information/data through browsers (and smart phones for that matter), and it is becoming hard to trust third party code running on either. Trust in the publisher has become mandatory for me and the only browser plugin I run now is Bitwarden. Neither the app store operators nor the browser publishers seem to have an answer for reliably thwarting malicious actors. I don't know what the answer is, other than developing literacy in writing browser plugins and adding functionality through my own code.

12 comments