Copyfish - Free OCR Software for Chrome Compromised by Phishing Attack
Posted by: Jon Ben-Mayor on 07/31/2017 12:42 PM
According to the authors of the image text extraction extension, they were hit with a phishing attack on July 28, and the perpetrator, posing as a Chrome Web Store team member, then updated the extension on July 29 after gaining access to their account.
"So far, the update looks like standard adware hack, but, as we still have no control over Copyfish, the thieves might update the extension another time… until we get it back," the developers warned. "We can not even disable it—as it is no longer in our developer account."
It was a classic attack that offered an authentic-looking Google login screen: the message directed them to "Click here to read more details," which opened a "Google" password dialogue box that was in fact behind a bit.ly link. According to The Hacker News, the actual Copyfish team member was viewing the link in HTML form, so he did not find it immediately suspicious and entered the password for their developer account. Game over at that point. The attacker was now in control of the account and updated the extension to version 2.8.5, which is now pushing out spam and other malicious content to users.
The author, a9t9 Software GmbH, is recommending that you disable or remove the extension if you have it and, obviously, do not update to the hacked version 2.8.5, since the developers are not in control of it. They are working with Google to regain access and rectify the situation.
MajorGeeks does list this extension, but since becoming aware of the attack has removed it until the situation is reported to be all clear.
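To act on that recommendation across several machines, the following added example (not code from a9t9 or from this article) scans a Chrome profile's `Extensions` directory for a Copyfish install and flags version 2.8.5. It assumes Chrome's on-disk layout of `<extension id>/<version dir>/manifest.json` and that the display name contains "copyfish"; the extension ID and display name in the sample tree are constructed placeholders.

```python
import json
import tempfile
from pathlib import Path

COMPROMISED_VERSION = "2.8.5"  # hijacked release named in the article
NAME_HINT = "copyfish"         # assumption: the display name contains this

def load_json_object(path: Path) -> dict:
    """Parse a JSON file, returning {} if it is unreadable or not an object."""
    try:
        data = json.loads(path.read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):
        return {}
    return data if isinstance(data, dict) else {}

def resolved_name(version_dir: Path, manifest: dict) -> str:
    """Return the display name, resolving a __MSG_key__ placeholder if used."""
    name = str(manifest.get("name", ""))
    if not (name.startswith("__MSG_") and name.endswith("__")):
        return name
    locale = str(manifest.get("default_locale", "en"))
    messages = load_json_object(version_dir / "_locales" / locale / "messages.json")
    for key, entry in messages.items():  # message keys are case-insensitive
        if key.lower() == name[6:-2].lower() and isinstance(entry, dict):
            return str(entry.get("message", name))
    return name

def scan_extensions(extensions_root: Path) -> list:
    """Check every <root>/<extension id>/<version dir>/manifest.json."""
    findings = []
    for manifest_path in sorted(extensions_root.glob("*/*/manifest.json")):
        manifest = load_json_object(manifest_path)
        name = resolved_name(manifest_path.parent, manifest)
        version = str(manifest.get("version", ""))
        if NAME_HINT in name.lower():
            findings.append({"id": manifest_path.parts[-3], "name": name, "version": version,
                             "compromised": version == COMPROMISED_VERSION})
    return findings

def demo() -> list:
    """Scan a constructed extensions tree (sample data, placeholder ID)."""
    with tempfile.TemporaryDirectory() as tmp:
        ext = Path(tmp) / "placeholder-extension-id" / "2.8.5_0"
        (ext / "_locales" / "en").mkdir(parents=True)
        (ext / "manifest.json").write_text(json.dumps(
            {"name": "__MSG_appName__", "version": "2.8.5", "default_locale": "en"}))
        (ext / "_locales" / "en" / "messages.json").write_text(json.dumps(
            {"appname": {"message": "Copyfish Free OCR Software"}}))
        return scan_extensions(Path(tmp))
```

Call `scan_extensions` with the `Extensions` directory of each Chrome profile; any entry with `compromised` set to `True` is the hijacked release and should be removed.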