According to the authors of the image text extraction extension, they were hit with a phishing attack on July 28 and the perpetrator posing as Chrome Web Store team member then proceeded to update the extension on July 29 after gaining access to their account.
"So far, the update looks like standard adware hack, but, as we still have no control over Copyfish, the thieves might update the extension another time… until we get it back," the developers warned. "We can not even disable it—as it is no longer in our developer account."
It was a classic attack offering an authentic Google login screen and directed them to "Click here to read more details," that opened a "Google" password dialogue box which was instead a bit.ly link. According to
The Hacker News, the actual CopyFish team member was viewing the link in HTML form, so he did not find it immediately suspicious and entered the password for their developer account. Game over at that point. The attacker was now in control of the account and updated it to version 2.8.5 which is now pushing out spam and other malicious content to users.
The author, a9t9 Software GmbH is recommending that you disable or remove the extension if you have it and obviously do not update to the hacked version of 2.8.5 since they are not in control of it and are working with Google to regain access and rectify the situation.
MajorGeeks does list this extension but since becoming aware of the attack have removed it until the situation is reported to be all clear.
