Chrome Extension Developers Under a Barrage of Phishing Attacks

An anonymous reader writes: Google's security team has sent out warnings via email to Chrome extension developers after many of them have been the targets of phishing attacks, some of which have been successful and resulted in crooks taking over extensions. These phishing attacks have come into the limelight this past week when phishers managed to compromise the developer accounts for two very popular Chrome extensions — Copyfish and Web Developer.

The phishers used access to these developer accounts to insert adware code inside the extensions and push out a malicious update that overlaid ads on top of web pages users were navigating. Initially, this looked like a passing problem, but new evidence reveals these attacks have been going on for the past 2 months, since mid-June. Last week, after the hijacking of the Web Developer Chrome extension, Google's security team sent warnings via email to all Chrome extension developers to be on the lookout for this new tactic.