developers as a way of compromising Chrome extensions into spreading affiliate program ads that scare victims into paying for PC repairs. Proofpoint researcher Kafeine has identified six compromised Chrome extensions that have been recently modified by an attacker after phishing a developer's Google Account credentials. Web Developer 0.4.9, Chrometana 1.1.3, Infinity New Tab 3.12.3, Copyfish 2.8.5, Web Paint 1.2.1, and Social Fixer 20.1.1 were compromised in late July and early August. Kafeine believes TouchVPN and Betternet VPN were also compromised in late June with the same technique. Developers of several of the extensions have removed the threat in recent updates to their affected apps, including Web Developer, Copyfish, Chrometana, and Social Fixer. The main intent of the attack on Chrome extension developers is to divert Chrome users to affiliate programs and switch out legitimate ads with malicious ones, ultimately to generate money for the attacker through referrals. The attackers have also been gathering credentials of users of Cloudflare, an availability service for website operators, which probably could be used in future attacks. The hijacked extensions were coded mostly to substitute banner ads on adult websites, but also a range of other sites, and to steal traffic from legitimate ad networks. "In many cases, victims were presented with fake JavaScript alerts prompting them to repair their PC, then redirecting them to affiliate programs from which the threat actors could profit," notes Kafeine. At least one of the affiliate programs receiving the hijacked traffic promoted PCKeeper, a Windows-focused tool originally from Zeobit LLC, the maker of the MacKeeper security product that was the subject of a class action suit a few years ago over false security claims.
A snippet of JavaScript in the compromised extensions also downloaded a file that was served by Cloudflare containing code with a script designed to collect Cloudflare user credentials after login. Cloudflare stopped serving the file after it was alerted to the issue by Proofpoint. The phishing emails that compromised developers' Google Accounts purported to come from Google's Chrome Web Store team, which claimed the developer's extension didn't comply with its policies and would be removed unless the issue was fixed. As Bleeping Computer recently reported, Google's security team has sent an email warning to Chrome extension developers to be on the lookout for phishing attacks. The attackers had created a convincing copy of Google's real account login page. It's not the first time Chrome extensions have been targeted to spread adware and promote affiliate networks. In 2014, adware firms bought several popular Chrome extensions from legitimate developers, which up to that point had maintained trustworthy products.
It seems the old warning 'you get what you pay for' can just as easily be applied to items purchased on underground forums and the dark web as it can to anything you buy elsewhere, because unbeknown to those experimenting with free phishing kits, they're secretly being phished themselves. An analysis of over one thousand phishing kits designed to allow wannabe cybercriminals to build phishing emails and websites found that, in a significant proportion of cases, the trainee phishers are being compromised, with their stolen data being secretly sent to the kit authors. With phishing simple to carry out but potentially very financially rewarding -- some of the highest profile cyber-attacks of recent years began with a phishing email -- it's no wonder that newbie hackers want in. But their lack of skill is coming back to bite some of these aspiring cybercriminals, who might find that all their ill-gotten gains are also transferred to the original author of the kit. Researchers at Imperva analysed 1,019 readily-available phishing kits, finding underground markets filled with low-cost and free phishing kits advertised as means of providing aspiring cyber-attackers with a route into the illegal industry. "Underground markets are full of phishing kits at all levels and cost, some even distributed at no charge, usually revealing one of the oldest rules in the book -- you get what you pay for," said Luda Lazar, security research engineer at Imperva. "Here we found the only free cheese is in the mousetrap," she added. While these phishing kits did provide aspiring attackers with the files necessary to create a copy of target websites and steal valuable information, many of these free offerings contain an undisclosed backdoor.
That means the kit author is able to secretly track the campaigns of the crooks using the software and gain access to the stolen information themselves. In doing so, they're able to exploit the likes of stolen usernames, passwords, and credit card details without putting in the effort required to collect them. As a result, the phishing kit user can't reap much from their criminal gains, as in many cases, victims will change passwords or cancel credit cards if they realise they've been targeted. "About 25 percent of the kits contained implicit recipients which receive emails with the phishing results as well as the kit buyers who were intended to receive it. We assume that the hidden addresses belong to the kits' authors, which are actually stealing from the inexperienced phishers who deploy these kits," said Lazar. Ultimately, by offering these phishing kits for free, it provides those behind them with the largest possible pool of victims to exploit -- and it's not as if a hacker can complain to the authorities that they've been scammed.
malware -- and they're even mimicking internal corporate travel and expenses systems to steal personal details from the victims they target. While cybercriminals using the lure of fake travel itineraries to dupe staff working in sectors reliant on shipping goods or employee travel isn't new, researchers have uncovered a particularly advanced phishing attack. Discovered by cybersecurity researchers at Barracuda Networks, this airline phishing attack uses a variety of techniques to capture sensitive data from victims and deploy an advanced persistent threat. The email from the attacker impersonates a travel agency or an employee in the target's own HR or finance department. The email's subject line claims it's a forwarded message about a flight confirmation, stating the airline, the destination, and the price of the flight. All three of these elements are carefully researched by the attackers, who select them specifically according to the target, in order to make the email look legitimate in context of the company and the email recipient. Taking the time to tailor phishing emails in this way works: these messages are opened 90 percent of the time, one of the highest success rates for phishing attacks, according to Barracuda. Once opened, the email presents the target with an attachment in the form of a PDF or Microsoft Word document. The attachment purports to be a flight confirmation or receipt but, of course, it's neither of these things. When the target opens the attachment, the malware runs immediately, dropping an advanced persistent threat into the network, and enabling the attacker to stealthily monitor the infected organisation -- likely with the aim of conducting espionage and stealing data.
Another variant of this attack, instead of dropping malware to stealthily steal data, uses phishing links to directly take sensitive information from the victim. These phishing links are ultimately designed to trick the victim into supplying sensitive corporate credentials, which the attackers will then use to infiltrate the company network, databases, and emails in order to steal information. Cybersecurity researchers warn that the combined use of impersonation, malware, and phishing is particularly dangerous because these methods complement one another, enabling the attacker to essentially gain control of the network. At this stage, the attackers can stealthily conduct espionage or even drop additional malware and ransomware. Sometimes it can be very difficult to identify a phishing email, but the likes of sandboxing and advanced persistent threat prevention combined with employee training and awareness can increase the chances of preventing attacks from compromising the network.