Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hacker Breaches Chrome Extension of Popular VPN Service Hola, Directs Users To Compromised Cryptocurrency Website (bleepingcomputer.com)

Posted by msmash on from the security-woes dept.

Catalin Cimpanu, reporting for BleepingComputer: A hacker has breached a Hola VPN developer account and has replaced the official Chrome extension with one that redirected users of the MyEtherWallet.com website to a phishing page controlled by the attacker. The compromise took place yesterday and only lasted for five hours the MyEtherWallet (MEW) team said in a tweet. The Hola VPN team admitted to the hack. "The attack was programmed to inject a JavaScript tag in to the MEW site to 'phish' information about MEW accounts that are logging in without being in 'incognito mode', by re-directing the MEW users to the hacker's website," the Hola VPN team said.

1 of 23 comments (clear)

  1. why is a vpn in a chrome extension... by Anonymous Coward · · Score: 2, Insightful

    Seems like a Chrome extension is the wrong place to put a VPN. Maybe that is just me.