Hola VPN: Attackers briefly controlled Chrome extension

Hola VPN, a company that offers VPN services, warns its users that malicious parties had momentary control over its Chrome extension. With that, they carried out a phishing attack on users of Ethereum wallet service MyEtherWallet.

The VPN service found out on July 9 that someone had taken over his Chrome Developer account. As a result, the attacker was able to upload a modified version of the Hola-Chrome extension to Google’s Web Store, which also made it available to users. According to Hola, the extension injected JavaScript into the MyEtherWallet site to steal login credentials. MyEtherWallet is a service that allows the creation of cryptocurrency wallets. It is unclear how many victims the action has caused, on Reddit a user says that his tokens have disappeared.

According to Hola, people were affected who had the malicious version of the extension and logged into MyEtherWallet at the same time without using incognito mode, where extensions are normally disabled. MyEtherWallet warned earlier that attacks took place via the vpn extension and called on users of the extension to transfer their funds to a brand new account. It is not the first time that the service has been targeted by attackers. For example, a phishing campaign has already taken place and the service recently reported a BGP hijack. A fake iOS app from the service also appeared in the past.

Hola offers ‘free’ VPN services in exchange for the use of computing power and bandwidth, for which it has previously been in the news and which has received some criticism. Hola does not disclose how the attackers obtained the credentials needed to access the extension.