A Hacker Hijacked Hola’s VPN Chrome Extension, Targeting Cryptocoin Owners

A Hacker Hijacked Hola’s VPN Chrome Extension, Targeting Cryptocoin Owners

The phishing version uploaded to the Chrome Web Store targeted users of popular crypto wallet service MyEtherWallet

Lilach Baumer  13:12  11.07.18
The Google Chrome extension of VPN service provider Hola on Google’s Chrome Web Store was replaced with a phishing version targeting users of a popular crypto wallet. In a blog post published Tuesday, Hola said the extension available for download on the Chrome Web Store was replaced on Monday for five hours after the company’s Google Store account was compromised. The company has since then replaced the extension with its own.

For daily updates, subscribe to our newsletter by clicking here.

 

Israel-headquartered Hola Networks Ltd. provides freemium peer-to-peer VPN services. The company’s Chrome extension was downloaded by over 8 million users, according to its Google store page.

Hola co-founder and CEO Ofer Vilenski. Photo: Amit Sha Hola co-founder and CEO Ofer Vilenski. Photo: Amit Sha'al Hola co-founder and CEO Ofer Vilenski. Photo: Amit Sha

According to the statement posted by Hola, the company’s deployment team discovered on Monday that its store account was compromised, enabling a hacker to replace the official version with a modified version intended to “phish” information and redirect users to the hacker’s website. Hola stated that it quickly managed to secure the account and reinstate the official version of the extension.

A company investigation determined that the target was popular crypto wallet service MyEtherWallet, Hola wrote, leading Hola to notify both the cryptocurrency service and Google about the breach. The company also stated it has set up a cybersecurity response team to investigate the incident, and recommended that MyEtherWallet users change their password and only log in to their accounts in incognito mode.

On Tuesday, popular crypto wallet MyEtherWallet tweeted that users of Hola's extension could have had their MEW activity logged. The company advised all those who had the extension installed and used their wallets within the last 24 hours to transfer their funds to a new account immediately. MEW was just recently the target of a Denial-of-Service (DNS) attack that saw $365,000 worth of cryptocurrency stolen in April.

Related stories

In 2015, Hola was accused by a group of researchers of selling access to its network in a way that enabled malicious use. The researchers also stated that Hola’s client software had flaws that enabled client tracking. Following the claims, Hola made changes to its product.

In August 2017, Hola sold a controlling stake in its enterprise-facing division to British Private equity firm EMK Capital LLP.
share on facebook share on twitter share on linkedin share on whatsapp share on mail

TAGS