Cybercriminals are targeting Chrome extension developers with sophisticated phishing scams disguised as copyright infringement notices.
The fake alerts claim an extension will be removed from the Chrome Web Store within 48 hours unless the developer files an appeal.
To appear legitimate, the scam asks for the extension ID and then displays the real extension name, icon, and listing details.
This personalized information is publicly available and is used to build trust.
The fraudulent page mimics Google's branding and creates urgency through countdown timers and fabricated complaint numbers.
Developers are then prompted to sign in with Google to verify their identity.
However, the sign-in window is fake.
Any credentials entered are sent directly to attackers, potentially giving them control over developer accounts and extension updates.
Developers should remember that genuine policy notifications appear only in the Chrome Web Store developer dashboard, not on third-party websites.
Anyone who has entered credentials should immediately change passwords, review account activity, enable two-factor authentication, and inspect extension listings for unauthorized changes.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.




