Chrome extension developers are again targeted by phishing campaign

Developers of extensions for Google’s Chrome browser report that they have been targeted by a phishing campaign, in which attackers attempt to obtain credentials to publish potentially malicious versions of extensions. This has happened before with various extensions.

Several developers tell ZDNet that they have received phishing emails, similar to a previous campaign in the summer of last year. The developers of AdGuard and EtherSecurityLookup, among others, say they have received emails that appear to come from Kevin Murphy, a member of Google’s Chrome Web Store team. In it, they are asked to provide a ‘valid postal address’ and fill in contact information on a Google Form page.

However, the link to the form led to a different domain. To fill out the fake form, recipients of the phishing email must first log in to Google. However, they end up on a simulated but convincing-looking login page. If they enter their login details there, they end up with the attackers.

With that, they can then log into the developer account. If the method has not changed from last year, the attackers can modify extensions associated with the account. For example, they can inject advertisements into web traffic or steal sensitive data such as passwords. According to ZDNet, Google has been showing developers a warning about phishing emails since last year. However, the developers tell the site that this warning is displayed so often that it has lost its effectiveness.

In the past, various extensions have been modified by malicious parties after gaining access to the associated developer account. Similar incidents recently occurred with the Mega and Hola VPN extensions.