New research shows millions of Google Chrome users have been hit with malware through eight hijacked Chrome extensions.

According to threat protection vendor Proofpoint, the eight compromised Chrome browser extensions include two that were hijacked earlier this month -- Copyfish and Web Developer. The Proofpoint researcher known as Kafeine identified the other six compromised extensions as Chrometana, Infinity New Tab, Web Paint, Social Fixer, TouchVPN and Betternet VPN. Across downloads of all eight hijacked Chrome extensions, nearly 4.8 million users received malicious code from the attackers.

"At the end of July and beginning of August, several Chrome Extensions were compromised after their author's Google Account credentials were stolen via a phishing scheme," Kafeine wrote in a blog post. "This resulted in hijacking of traffic and exposing users to potentially malicious popups and credential theft."

Targeted users were shown a JavaScript alert that said their PC needed to be repaired and were then directed to pay for the false repairs, enabling the attackers to profit from this scheme.

According to Kafeine, the attackers "are leveraging compromised Chrome extensions to hijack traffic and substitute advertisements on victims' browsers. Once they obtain developer credentials through emailed phishing campaigns, they can publish malicious versions of legitimate extensions."

However, Kafeine also noted that, "in addition to hijacking traffic and driving users to questionable affiliate programs, we have also observed them gathering and exfiltrating Cloudflare credentials, providing the actors with new means of potential future attacks."

There is no proof yet that all of the hijacked Chrome extensions were targeted by the same hacker or hacking group, though the compromises all happened in the same time frame.

Google has dealt with security issues surrounding Chrome browser extensions in the past. In 2015, the company implemented a policy that requires all Windows and Mac users and developers to install extensions only from the Chrome Web Store. This change was spurred by concerns about extensions that enabled the download of malware. The policy update also included a feature called Enhanced Item Validation, which runs additional checks on extensions before they are published in the Chrome Web Store.