- Jan 24, 2011
- 9,378
Belgian security researcher Bart Blaze has come across a new method of pushing Chrome extensions using scareware tactics.
The researcher noticed this new trick while surfing the Web. When on a particular site he did not want to name, he noticed an annoying popup trying to scare users into thinking their browser contained malware.
"Your browser contains MALWARE. You have to install Chrome Malware Removal tool," the popup read, which when the user pressed OK, would redirect him to a Google Chrome Web Store page, where the user could install the Chrome Malware Removal Toolextension.
Trying to figure out if the website he was visiting was somehow hacked and compromised to show such annoying popups, the researcher couldn't find anything suspicious in the site's source code.
He did find the source of the popup, but not in the site itself, but in a script loaded by a third-party service which the website had contracted to show its EU Cookie Law consent popups.
The EU Cookie Law popup was secretly loading the second pop-up, which it was using to push the shady Chrome extension down the user's throats.
Read more: EU Cookie Law Popup Pushes Dodgy Chrome Extension Down Your Throat
