Update: The extension has now returned to its owner and it should be safe to use. Hopefully they’ve learned their lesson and will enable two-factor authentication, while paying more attention to where they entered their credentials.

Copyfish is a pretty popular Chrome extension, with over 37,000 users, and it was recently hijacked through a phishing attack. The hijacker immediately managed to inject ads in the code, to earn money from its users every time they were using the browser.

Copyfish is basically an OCR software that works out of the box and is able to read text from images, PDFs, and even videos directly in your browser. Unfortunately its developers fell to a phishing attack, disguised as a notice from Google and entered their credentials on the attacker’s website. The attacker changed their Google credentials right away and got their hands on the popular Chrome extension, managing to add ads to it, in order to monetize it.

This should be a lesson for everyone, both developers and users. If the developer had used two-factor authentication, this attack wouldn’t be possible. Basically everyone should enable 2FA everywhere they can, because it can prevent attacks like this and even if the attacker gets their hands on your password, 2FA protects you.

Extension users should be wary that basically any extension can fall in the wrong hands and it can be turned into adware, or even worse, malware.