Adblock Plus is one of the most popular extensions for Chrome with more than 10 million users and 150,000 glowing reviews. However, a spammer was recently able to infiltrate the Chrome web store with a knockoff of Adblock Plus that didn’t trip Google’s security measures. This rogue extension racked up more than 37,000 installations in just a few days.
It should be troubling to Google and users of Chrome in general that this extension made it into the store. There are some obvious red flags here that should be easy to filter. For example, the app’s entire description is a long string of keywords intended to boost its presence in searches. The screenshots also don’t show anything related to the claimed functionality. At the same time, it looks just real enough that the average user could be fooled. It popped up in search results with the right icon and name, and even the developer name was “Adblock Plus.”
The functionality of the fake Adblock Plus appears to be showing more ads. That’s really the opposite of what people want when they install the real Adblock Plus. Reviews of the extension claimed that immediately after installing the fake, scores of tabs with autoplaying video ads began appearing. That’s a rather inelegant way of spamming people–it was apparent to users what caused the problem. The fake reviews stuffed in by the developer couldn’t cover up the scheme for long.
The Twitter account @SwiftOnSecurity tweeted about the phony extension, which got Google’s attention. Within a day, the extension had been removed from the Chrome web store. Google also offered a post-mortem of sorts to explain what happened.
Legitimate developers just have to sit back and watch as Google smears them with fake extensions that steal their good name pic.twitter.com/3Tnv4NtY9t
— SwiftOnSecurity (@SwiftOnSecurity) October 9, 2017
According to the Chromium team, they removed the fake extension from the store within minutes of confirming it as malware, and Google also remotely killed it on Chrome installations. The developer account was suspended as well. Upon closer examination, Google found several similar extensions that were blocked from the store by automated processes. This one just slipped through the cracks, but the Chromium devs have figured out why that happened and are preparing to implement a fix. The exact nature of that fix is not being revealed because doing so could help malware infiltrate the Chrome Web store in the future.
In the meantime, you should give Chrome extensions more than a cursory glance before installing them. It’s nice to know Google is responding to this incident, though.