Google Chrome Extensions hijacked by hackers

Oliver Bradshaw | Last Updated:

Technical VPN Analyst

Google Chrome extensions hijacked by hackers

Proofpoint, a leader in the world of cybersecurity, has released information related to a recent hack that affected eight Google Chrome extensions – including Betternet and TouchVPN, 2 popular free VPN programs.

These eight Google Chrome extensions were hijacked by hackers – and since the initial hack in June, it’s suspected that millions of users may have suffered from malicious popups, data theft, and potential identity theft.

Google Chrome Apps hacked via phishing exploit

The discovery of this breach was made by Kafeine, a specialized group of researchers at Proofpoint. These researchers discovered that a simple phishing exploit had given hackers control over several Chrome developer accounts – allowing malicious code to be injected into the affected apps by hackers.

The hackers simply created a fake Google login account page. On this page, the Chrome developers unwittingly provided their account details directly to hackers, providing them with access to their applications.

The affected apps are as follows:

  • Copyfish, an OCR software
  • Web Developer, an extension that provides web development tools
  • Chrometana, which allows users to redirect Windows queries from Bing to another search engine
  • Infinity New Tab, a program which creates custom homepages for Chrome users
  • Social Fixer, an extension which “fixes” various issues with Facebook.
  • Web Paint, an extension which allows live drawing on web pages
  • TouchVPN, a popular web-based free VPN
  • Betternet VPN, another free VPN with a Chrome extension

It’s recommended that anyone who uses these apps remove and reinstall the newest versions, which are unaffected by the previous malicious data breach.

Hacked Apps Displayed Malicious Ads

Users of these eight apps reported being “flooded” with massive numbers of advertisements for adult video sites and other such pages – which is how the hackers monetized their malicious software. While users of TouchVPN and Betternet VPN are used to seeing some ads – as this is how these free VPNs make money – they also noticed quite a few more popups and advertisements.

In addition, phony Javascript prompts appeared on user’s desktops, warning them that they needed to “repair” their PC. These prompts redirected to pricey PC repair software – and the hackers benefitted from any sales of this software.

It is also possible that users of these extensions may have lost personal data, and could have their personal information exposed for identity theft.

At this time, it is unclear who is responsible for these attacks. However, one thing is clear – browser extensions can be a real risk to your security. It’s best to minimize your use of browser extensions from unknown sources, and attempt to only use reputable, secure extensions developed by professionals.

PRIVACY ALERT: Websites you visit can see your current IP Address:

  • Your IP Address:
  • Your Location: Ashburn, US
  • Your Internet Provider:

* Scammers, Governments, and Advertisers can use this information to track and target you.

Our recommended vpn service provider for general all-round internet security and online privacy is ExpressVPN. It offers an excellent selection of online security and internet privacy features, excellent speed, and the ability to unblock your favorite streaming services (Netflix, Hulu, Amazon Prime, BBC iPlayer).

Visit ExpresssVPN

Categories: News

view further information about ExpressVPN prices

Our Testing Process

  1. Security
  2. No-Logs Policies
  3. Speed
  4. Streaming
  5. Torrenting
  6. Censorship
view further information about ExpressVPN product features