Sometimes cyber criminals go straight after users. Ransomware attacks are a good example of that approach. Other times they take a less direct approach, as they did with a recent ad fraud campaign that targeted Google Chrome users.
Copyfish is a translation plug-in for Google Chrome. It isn’t one of the most-used Chrome extensions by any means. Based on the most recent information from Google’s Web Store, it had somewhere over 30,000 users. To a criminal, that’s still a fair-sized pool of potential victims. 30,000-plus hijacked users can drive a great deal of fraudulent ad views in a relatively short time span.
You may not have heard of online ad fraud and clickjacking, but they’re very widespread problems. It’s difficult to know exactly how widespread, too, because they often go unreported. People that aren’t so technologically inclined may simply think the increased number of ads they’re seeing — or a sudden change in their content — isn’t anything out of the ordinary. They’ve become accustomed to auto playing video ads, pop-ups, and full-page overlays on websites, after all.
Sneaking malicious code into a users’ web browser is a very effective way to kick off a fraud campaign.
The hacker’s (or hackers’) nefarious plan began the same way so many cyber attacks do: with a phishing email. The message that was sent to the Copyfish developers looked like an urgent notice from Google. They needed to act quickly, it purported, or the extension would be removed from the Chrome Web Store. READ MORE