It took Copyfish’s developers a full day to realize they had been breached, and by that time, the hacker had transferred the extension to his own developer account, where it was beyond the reach of its original owners. GitHub is the developer of Copyfish.
Google has been made aware of the situation, but at this time, the extension is still under the control of the unknown hacker. Anyone using the extension is advised to uninstall it until the situation is remedied.
How did all of this happen? Sadly, this was not accomplished by means of some cunning new attack vector, but rather, by using one of the oldest tricks in the book. One of the developers fell for a phishing attack.
He got an email that came, by all appearances, from Google. A brief note informed him that there was a problem with the app and that it had been pulled from Google’s Play Store until the issue was remedied.
Included in the email was a link, and instructions to log in and correct the issue.
Of course, the link led to the hacker’s own website, and when the developer dutifully entered his credentials to “fix” a problem that didn’t actually exist, he inadvertently handed the hacker the keys to their digital kingdom.
This incident underscores the importance of education and mindfulness. There’s a reason that hackers still rely heavily on phishing attacks, and it is simply that it keeps working. All it takes is one momentary lapse of attention. One keystroke worth of carelessness, and your firm could be in big trouble.
Don’t let what happened to Copyfish happen to your company. Education and vigilance are the keys.