The developer of a very popular Google Chrome extension has regained control of his tool after an unknown hacker hijacked his developer account and pushed a malicious version that contained adware.
The extension's name is Web Developer, a tool developed by Chris Pederick, Director of Engineering at Bleacher Report. The extension overlays a popup with various debug tools that developers can use when building or editing their websites.
According to Pederick, on August 2, he fell for a phishing email that allowed an unknown hacker to take over his Google developer account.
I stupidly fell for a phishing attack on my Google account — Chris Pederick (@chrispederick) August 2, 2017
The hacker used this access to insert malicious code inside the Web Developer extension and push out an update (v0.4.9) to the extension's one-million-strong userbase.
The update inserted ads into sites users were visiting. The malicious update was live for only a few hours before Google engineers intervened and took down the extension.
Weird thing is I could only get 2 machines out of 10 to generate the ads. All had 0.4.9 on them. pic.twitter.com/ZG0L1h75qT — ᕦ[ •́ ﹏ •̀ ]⊃-]═── (@SEOMalc) August 2, 2017
Late in the evening of the same day, Google reactivated the extension after Pederick regained control of the developer account and released Web Developer version 0.5, which removed the adware code.
Pederick also maintains Firefox and Opera versions of the same extension. These were not affected.
The developer did not respond to a request for comment from Bleeping Computer in time for this article's publication. [UPDATE: Pederick has told Bleeping Computer he decided to publish a blog post detailing a timeline of events.]
Over the weekend, someone compromised another Chrome extension in the same way. The owners of Copyfish, an OCR extension for Google Chrome, also fell for a phishing email, and someone took over their developer account. The hijackers did the same thing and used the developers' account to push a malicious update that inserted ads on the websites Copyfish users were trying to view.