Slashdot Mirror
Hacker Breaches Chrome Extension of Popular VPN Service Hola, Directs Users To Compromised Cryptocurrency Website (bleepingcomputer.com)
Catalin Cimpanu, reporting for BleepingComputer: A hacker has breached a Hola VPN developer account and has replaced the official Chrome extension with one that redirected users of the MyEtherWallet.com website to a phishing page controlled by the attacker. The compromise took place yesterday and only lasted for five hours the MyEtherWallet (MEW) team said in a tweet. The Hola VPN team admitted to the hack. "The attack was programmed to inject a JavaScript tag in to the MEW site to 'phish' information about MEW accounts that are logging in without being in 'incognito mode', by re-directing the MEW users to the hacker's website," the Hola VPN team said.
Seems like a Chrome extension is the wrong place to put a VPN. Maybe that is just me.
I was seeing redirects on my Chrome browser two weeks ago. Virus/Malware scans from various products didn't turn up anything. I removed the Hola extension and the redirects were gone.
I repeat my proposal for an extension protection mechanism. The more popular an extension gets the bigger opportunity to profit of its compromise exists. It will take an "extension conficker" before security is taken seriously.
Cryptocurrency being stolen with old fashioned stuff like actual hacking and phishing, rather than by saying "we got hacked" and running away with your users' bits.
xkcd is not in the sudoers file. This incident will be reported.
If the hacked extension was only up for five hours, then there is no way that both Hola VPN users could have been affected.
Hola has been shat on for a number of issues over the years. Anybody still using it pretty much deserves to have this happen to them.
I'll just eat some popcorn while I watch morons blame this on javascript instead of realizing that the issue is with people/logic/greed and that any language would result in the exact same outcome.
LET THE CIRCUS OF STUPID BEGIN
So does this only affect people that use Hola and use MyEtherWallet?
I'm a good cook. I'm a fantastic eater. - Steven Brust
I am APK the great "LORD of HOSTS", a.k.a. AlecStaar or Alexander Peter Kowalski.
I am the godlike creator of various GUI front-ends for other people's configuration files.
Calling people ne'er-do-wells or Jealous JOWIEs is how I think I win every argument
When people state the truth about me I get really mad and accuse them of projecting which is something I do all the time.
Don't call me out on anything unless you are willing to prove you too can write some strings to a file programmatically
Spamming and being a general pain in the ass is what I do
Listen as I relive my glory days of being a college athlete in the early 80s
Bask in my greatness as I can do a ping as a non root user.
Watch as I whine about my work being flagged as malware by anti-virus software.
Witness my descent into madness
APK
See subject: "Imitation=sincerest form of flattery" PROVING u WISH u were ME & poor imitation = u.
* I don't post on hosts in topics that don't fit it (unless you of "moron kind" bring it up 1st)
(Hence, you give yourself away you're impersonating me!)
You're the one descending into madness, loonybird.
APK
P.S.=> What are you trying (& failing) to accomplish? Trying to "make me look bad"?? I have to ask as it's EXTREMELY DIFFICULT for me to "think like 'your kind'" (no-mind do-NOTHING "ne'er-do-wells" that can't think, lol) to even TRY to understand your "mental processes" (none obviously that are up to any good)... apk
gheyed
prease 2b lrnink2engrish.
It's all s'kiddies and posing. Lots of it. msmash and bleepingcomputer are themselves good examples.
I hacked my balls with my armpit hairs.
so youre saying you have stinky balls?
This has been happening far too often recently.