Skip to main content

Chrome Extension Copyfish Gets Hacked

By August 9, 2017March 1st, 2023Cybersecurity

The third-party Chrome extension Copyfish recently got hacked. As a result, the hackers were able to inject malicious JavaScript code into the code base and use it to display ads on all the pages users who had the extension installed viewed.

It took Copyfish’s developers a full day to realize they had been breached, and by that time, the hacker had transferred the extension to his own developer account, where it was beyond the reach of its original owners.

Google has been made aware of the situation, but at this time, the extension is still under the control of the unknown hacker. Anyone using the extension is advised to uninstall it until the situation is remedied.

How did all of this happen? Sadly, this was not accomplished by means of some cunning new attack vector, but rather, by using one of the oldest tricks in the book. One of the developers fell for a phishing attack.

He got an email that came, by all appearances, from Google. A brief note informed him that there was a problem with the app and that it had been pulled from Google’s Play Store until the issue was remedied.

Included in the email was a link, and instructions to log in and correct the issue.

Of course, the link led to the hacker’s own website, and when the developer dutifully entered his credentials to “fix” a problem that didn’t actually exist, he inadvertently handed the hacker the keys to their digital kingdom.

This incident underscores the importance of education and mindfulness. There’s a reason that hackers still rely heavily on phishing attacks, and it is simply that it keeps working. All it takes is one momentary lapse of attention. One keystroke worth of carelessness, and your firm could be in big trouble.

Don’t let what happened to Copyfish happen to your company. Education and vigilance are the keys.

Chris Forte

Chris Forte, President and CEO of Olmec Systems, has been in the MSP workspace for the past 25 years. Chris earned his Master’s Degree from West Virginia University, graduating Magna Cum Laude. He was a past member of the Entrepreneurs’ Organization, a current member of the New Jersey Power Partners and Executive Association of New Jersey, where he has previously served on its board of directors. In his spare time, Chris enjoys traveling with his family. He also admits to being a struggling golfer and avid watcher of college football and basketball. He currently lives in Boonton Township, NJ with his wife, two daughters, son, and black lab Luna.