In early August 2017, unknown hackers opened a real "hunt" for developers of extensions for Chrome. Earlier it was reported that the authors of the Copyfish and Web Developer extensions suffered from targeted phishing attacks, but it soon became clear that these are not isolated cases, and this malicious campaign is of an impressive scale.
Let me remind you that hacking developers Copyfish and Web Developer and intercepting control over their products was not a mere coincidence. In both cases, the developers became victims of phishing emails allegedly written on behalf of employees of the Chrome Web Store. After they entered their credentials on the website of the attackers (which can hardly be distinguished from the present one), they used the information they received to intercept control over the extensions, and after releasing malware updates of products that, in particular, implemented advertisements in all pages viewed by users .
Now a specialist of the company Proofpoint, known under the pseudonym Kafeine, reported on the compromise of six more popular extensions:
Chrometana1.3 [burglary message];
Infinity New Tab12.3;
Web Paint2.1 [burglary message];
Social Fixer1.1 [burglary message];
TouchVPN;
Betternet VPN.