Go to main content

Textpattern CMS support forum

You are not logged in. Register | Login | Help

#1 2017-08-23 14:08:17

Algaris
Member
From: England
Registered: 2006-01-27
Posts: 553

Chrome Extension attacks used to steal Cloudflare credentials

I know some people here use Cloudflare so I thought I’d share this link:

https://www.wordfence.com/blog/2017/08/chrome-browser-extension-attacks/

In June, July and August, developers of the following Chrome extensions had their login credentials stolen through a phishing attack. The extensions affected are:

  • Web Developer – Versions 0.4.9 affected
  • Chrometana – Version 1.1.3 affected
  • Infinity New Tab – Version 3.12.3 affected
  • CopyFish – Version 2.8.5 affected
  • Web Paint – Version 1.2.1 affected
  • Social Fixer 20.1.1 affected
  • TouchVPN appears to have been affected but the version is unclear
  • Betternet VPN also appears to have been affected but no version was provided

Once a victim installed a compromised Chrome extension, the extension would steal Cloudflare credentials if the victim has a Cloudflare account. The extension did this by making a request to a URL on Cloudflare to get an API key.

Last edited by Algaris (2017-08-23 14:11:34)

Offline

Board footer

Powered by FluxBB