Stolen logins and passwords can be used by attackers to compromise official extensions.
Developers of Google Chrome browser extensions have become the target of a large-scale phishing campaign in which attackers tried to collect Google account credentials by luring application creators to malicious sites.
With the stolen logins and passwords, cybercriminals could log in to the Chrome Web Store control panel and distribute malicious versions of official extensions, ZDNet reports.
Last summer, researchers recorded a similar campaign in which attackers modified a number of extensions, including Web Developer, Chrometana, Infinity New Tab, CopyFish, Web Paint, Social Fixer, TouchVPN, and Betternet VPN.
In the new campaign, scammers are sending emails (dev-support@webstoredevsupport[.]com) in the name of a certain Kevin Murphy, allegedly an employee of the Chrome Web Store team.
In the message, the criminals cite a new Google policy and, under threat of account blocking, try to pressure developers into entering their real email address in a Google Form.
After clicking the link, victims landed on the profile.chromewebstoresupport[.]com page, which asked them to sign in to their Google account. Users were then redirected to a clone of the current Google sign-in page.
Attentive developers might have noticed that the link to the form redirected the user to the usgbc.org domain, but there will always be someone who does not pay attention to such details and falls victim to the attackers. For this reason, it is highly likely that we will soon hear about cases of compromised Chrome extensions.
It is worth noting that Google does not use Google Forms to manage account settings. Developers who have filled out such a form are advised to change their account password as soon as possible and conduct a full audit of their extensions for malicious or suspicious code.