Spammers use the themes section of the Chrome Web Store, the official store for Chrome extensions and themes, to push dodgy streaming subscriptions.
The Chrome Web Store returns extension and theme matches when you search for something. If you search for a recent movie title on the web store, you get matching extensions and themes returned.
While you'd expect themes to just return themes based on movie scenes, characters or posters to you, you probably don't expect these themes to push subscriptions for dodgy streaming services on the Internet.
That's what is happening right now, however, in the Chrome Web Store, and it is not the first time that Google's official Chrome Web Store has been abused. Google had to pull
ad-injecting,
crypto-mining,
copycat, and other
abusive extensions from the Store in the past.
...
....
..
Some of the "watch a movie" themes have thousands of users and have been in the Store for months. It appears that Google's automatic controls don't work properly in this regard and that the reporting functionality that the company built into the Store does not help either.
The title of the themes suggests to Chrome users that they may watch the movie for free and often in high definition. The description of the add-on is filled with keywords but no links, and it seems more of a copy and paste job than anything else.
....
.......
Malicious extensions in Chrome Web store steal user credentials
Suspicious extensions with 4 million installs discovered in Chrome Web Store
CrashFix Chrome Extension Delivers ModeloRAT Using ClickFix-Style Browser Crash Lures