Malware News Chrome Extension Devs Use Sneaky Landing Pages after Google Bans Inline Installs

[LASER_oneXM]

Content source

https://www.bleepingcomputer.com/news/security/chrome-extension-devs-use-sneaky-landing-pages-after-google-bans-inline-installs/

Distributors of unwanted Chrome extensions are coming up with new, sneaky, and simple methods to trick users into installing their extensions now that Google has banned inline installs.
In the past, unwanted extension purveyors would create deceptive landing pages that try and trick users into installing an extension. These pages would pretend to be security checks, prompts that a download is ready, or simply display annoying javascript alerts that would not go away.
Ultimately, based on some action such as clicking the install button or simply trying to close an alert, the site would attempt to perform an inline install of the extension directly from their site rather than from the Google Chrome Web Store.

Ban inline installs? No problem

The banning of inline installs means that Chrome extensions have to be installed directly from the Chrome Web Store. To get past this, extension developers are simply opening a new window that opens the extension's page and resizes the window so its integrated into their landing page.

 

[Local Host]

The fact they manage to keep malicious extensions in Google own Store, is hilarious.