To Attack Users, Hackers Target Programmers

Google sent an extension developer alert to Chrome after a wave of fake emails was sent to developers. The aim of criminals is to take control of extensions that already have a large user base and inject into them unwanted codes, taking advantage of the automatic update feature to distribute the new code to all users. It is not entirely clear what the invaders want. But extensions can change the browsing experience and allow the theft of various data, including passwords used on the web. At least one extension has been tampered with to display commercials. Among the compromised extensions are Infinity New Tab, which has 450,000 users, Copyfish with 35,000, Web Developer with one million, and Live HTTP Readers, which has been blocked by Google and has not yet returned to Chrome Web Store.

Invaders send a fake emails to extension developers. The message tries to pass an official Google communiqué and has links that, if clicked, lead to fake login pages. If the developer provides their password on the fake page, it is sent to the attackers, who can then access the Google account. Google’s email alert sent to developers, released on Bleeping Computer, suggests that developers activate 2-step authentication for their Google accounts and caution in opening the links. Fraudulent messages can also be forwarded to a special support email from Google itself. Before resorting to fake e-mails to attack developers, scam artists made commercial offers and purchased extensions directly from their creators.

Attacks on programmers

Virtual criminals are finding themselves forced to deal with a rather difficult reality when they try to attack users. Several advances in software and system security have prevented some old tricks from working. In the mid-2000s, when Microsoft’s most commonly used web browser was Microsoft’s Internet Explorer, the most common tactic was to install malicious code from malicious pages using browser crashes. With the adoption of Firefox and Chrome, which are safer, scammers have come to depend on installing extensions in browsers to reach Internet users. But Google and Mozilla have reacted by blocking the installation of extensions from unofficial sources. Interestingly, one of the major advances in security has been precisely the adoption of agile automatic update mechanisms. But in these attacks on the developers, the automatic update starts to contribute to the attacks, at least in the sense of victimizing more people in less time.

The automatic update feature was also central in the case of the NotPetya virus, which attacked Ukraine through the automatic updating of the ME Doc software. A law firm in Ukraine is calling on victims of the virus to file a lawsuit against the company that develops the Software. A major risk is that such attacks can target mobile applications. Chinese iPhone software developers have already suffered from this problem in, the case of “Xcode Ghost”. At the time, an alternate source for downloading Xcode, an official Apple program, had contaminated the software to inject unwanted code into mobile apps. The attacks against the developers and automatic update mechanisms, however, are much more direct than the case of Xcode. In any case, programmers and software companies should or should be far more prepared to deal with attacks than others. The tendency, however, is for future attacks to reveal more unpreparedness among those who should have more knowledge.

Related Posts

Best Android Phones

Best Android Phones

The Best Android Phones have many great features, and it can be hard to decide which one to buy. There are no longer any major manufacturers of…

Printing Terminology

Creating designs and layouts for an offset printing project may seem like a daunting task, but it really isn’t too difficult. Most printers usually have a set…

v

PPC: Quick Results with Small Investment

If you are starting a business online, you are in a hurry to receive visitors so that you can convert them into actual buyers. But your dreams…

Content Marketing

Importance and Uses of Content Marketing

Content marketing is an important type of marketing that depends upon meaningful and fresh content that is valuable for the readers. This content not only helps in…

E-commerce

Web Development E-commerce Website

Normally when someone hires an expert to make a website for himself, all that is in his mind is a good-looking website with content and images that…

Redesign Your Website

5 Reasons To Redesign Your Website

A man has a simple shop of flowers, his customer dealing was very good and he generated sufficient revenue every single day. Four years later, another floral…

Leave a Reply

Your email address will not be published. Required fields are marked *