The Chrome version the app Copyfish was compromised to push out ads and spam after an employee for its publisher A9t9 fell for a phishing scam and gave access to the company's Play Store developers account to an unauthorized individual.
The company said the problem started on July 28, and has since been temporarily fixed, when one of its workers received an email, supposedly from Google, stating that the Chrome extension for Copyfish had to be updated or it would be removed from the app store. The staffer clicked on a link in the email which opened a new page created by the hacker where the person input the company's Google developer account login credentials.
The cybercriminal did not wait long and issued an illegal update for Copyfish on July 29, which was not picked up by the company until July 30 when other company workers began noticing ads and spam being inserted into websites operating the software. When the developers attempted to log into their Google developer account to see what was wrong they discovered the app was gone, the hackers not only had moved it to their developer's account, but locked out A9t9.
“So far, the update looks like standard adware hack, but, as we still have no control over Copyfish, the thieves might update the extension another time… until we get it back. We cannot even disable it - as it is no longer in our developer account,” A9t9 said in July 30 a statement.
The company did post an update on the problem on July 31 saying the issue was posted on a Hacker News forum and a reader there was able to help.
“A HN reader that knows the UNPKG maintainer contacted him directly to get the malware npm packages removed (thanks!). This stops the adware for now,” A9t9 noted, adding that this is only a temporary fix as the company still does not have control over the app.
Only the Chrome extension for Copyfish was impacted, Firefox is working normally, the company said. Copyfish is used to extract text from images and PDF files.