Six More Chrome Extensions Get Hijacked with Malicious Code
Last Tuesday, a security researcher from Proofpoint discovered that six more Chrome extensions have been hijacked to deliver malicious code to an estimated 4.8 million users.
Kafeine revealed that the following extensions have been compromised:
- Chrometana 1.1.3 [source]
- Infinity New Tab 3.12.3
- Web Paint 1.2.1 [source]
- Social Fixer 20.1.1 [source]
- Betternet VPN
The malicious code is designed to make ad replacements on legitimate sites and generate intrusive popups that redirect the user to a website specified by the attacker.
Previously, extensions Copyfish and Web Developer have been hijacked in a similar manner where the hackers used a phishing email strategy to get the developer’s login details.