Over 37,000 Chrome Users Installed a Fake AdBlock Plus Extension

LASER_oneXM

[Image: FakeGoogleChromeExtension.jpg]


Google has removed a malicious extension from its Chrome Web Store that posed as the popular AdBlock Plus ad blocker but forcibly opened new tabs to show ads to users.

Discovered by a security researcher going by the pseudonym of SwiftOnSecurity, the extension [1, 2] had over 37,000 users at the time it was taken down late last night.


Not entirely Google's fault
As the researcher points out in a Twitter tirade aimed at Google's staff, the problem was that Google allowed another developer to upload an extension with the same name as an existing one.

"Google allows 37,000 Chrome users to be tricked with a fake extension by [a] fraudulent developer who clones popular name and spams keywords," the expert said. "Legitimate developers just have to sit back and watch as Google smears them with fake extensions that steal their good name."

Users could have spotted the fake extension based on the blob of unrelated keywords the fraudulent developer added to the extension's description. These hot keywords allowed the fake extension to pop up in unrelated search queries.

Also, if users had checked the extension's Reviews tab they could have averted a disaster, as most reviewers decried the extension's abusive tab-opening behavior.

[Image: FakeGoogleChromeExtensionReviews.jpg]

Situations like these happen because the process of uploading extensions on the Chrome Web Store is automated and Google employees only intervene following situations like these. This automated process has allowed Google to build its Web Store, which has surpassed Mozilla's add-ons repository to become the biggest browser extensions portal among all browsers.

For this particular case, it appears that the extension's developer might have used a different ID from the one used by the original AdBlock Plus extension and might have taken advantage of a homograph attack using Cyrillic characters in the extension's ID to bypass Google's Web Store checks.
 
^^ Yeah... Before installing anything on my machines I'm always checking many (security) boards, security sites etc. to be sure that my software is 'clean'... and of course before installing I'm checking everything on sites like virustotal.com, virusscan.jotti.org etc.
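As an added defensive illustration (not part of the quoted article or of the poster's comment), the Python below applies two checks a reviewer could run over store listings before trusting them: a confusable/mixed-script test on the display name, which covers the Cyrillic-lookalike scenario the article describes, and a format test on the extension ID (genuine Chrome extension IDs are exactly 32 letters drawn from a to p, so any other character cannot form a real ID). The sample listings and their IDs are constructed placeholders, and the confusables table is a small hand-picked subset rather than the full Unicode confusables data.

```python
"""Defender-side checks for lookalike Chrome Web Store listings.

Two independent signals are applied to each listing:
  1. A mixed-script / confusable check on the display name, which catches a
     Latin name with Cyrillic letters substituted for their lookalikes.
  2. A format check on the extension ID: real Chrome extension IDs are 32
     characters drawn only from the letters a-p, so anything else cannot be
     a genuine ID.
"""
import re
import unicodedata

# Constructed subset of visually confusable Cyrillic -> Latin pairs (an assumption;
# production tooling would load the full Unicode confusables table instead).
CONFUSABLES = {
    "а": "a", "е": "e", "о": "o", "р": "p", "с": "c", "х": "x", "у": "y",
    "і": "i", "ј": "j", "ѕ": "s",
    "А": "A", "В": "B", "Е": "E", "К": "K", "М": "M", "Н": "H", "О": "O",
    "Р": "P", "С": "C", "Т": "T", "Х": "X", "І": "I", "Ј": "J", "Ѕ": "S",
}

# Chrome derives extension IDs from the publisher key and encodes them with a-p only.
CHROME_ID_RE = re.compile(r"^[a-p]{32}$")


def scripts_in(text):
    """Return the set of Unicode scripts used by the letters of text.

    The script is taken from the first word of the character's Unicode name,
    e.g. 'LATIN SMALL LETTER A' -> 'LATIN', 'CYRILLIC CAPITAL LETTER A' -> 'CYRILLIC'.
    """
    scripts = set()
    for ch in text:
        if ch.isalpha():
            name = unicodedata.name(ch, "")
            if name:
                scripts.add(name.split(" ")[0])
    return scripts


def is_mixed_script(text):
    """True when letters from more than one script appear in the same name."""
    return len(scripts_in(text)) > 1


def skeleton(text):
    """Map confusable characters to their Latin lookalike so visually identical names compare equal."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in text)


def is_valid_chrome_id(ext_id):
    """Chrome extension IDs are exactly 32 characters from the range a-p."""
    return bool(CHROME_ID_RE.match(ext_id))


def check_name(candidate, legitimate):
    """Classify a candidate listing name against the legitimate one."""
    if candidate == legitimate:
        return "exact"
    if skeleton(candidate) == skeleton(legitimate):
        return "lookalike"       # same appearance, different code points
    if is_mixed_script(candidate):
        return "mixed-script"    # suspicious on its own, even if not a clone
    return "different"


def audit_listings(listings, legitimate_name):
    """Return (name, verdict, id_ok) for each listing dict with 'name' and 'id' keys."""
    return [
        (entry["name"], check_name(entry["name"], legitimate_name), is_valid_chrome_id(entry["id"]))
        for entry in listings
    ]


if __name__ == "__main__":
    # Constructed sample listings; the IDs are placeholders, not real store IDs.
    SAMPLE = [
        {"name": "AdBlock Plus", "id": "a" * 32},
        {"name": "\u0410dBlock Plus", "id": "b" * 32},                           # Cyrillic capital A
        {"name": "AdBl\u043eck Plus", "id": "abcdefghijklmnopqrstuvwxyzabcdef"},  # Cyrillic o, malformed ID
        {"name": "uBlock Origin", "id": "c" * 32},
    ]
    for name, verdict, id_ok in audit_listings(SAMPLE, "AdBlock Plus"):
        print(f"{name!r:20} {verdict:13} id_ok={id_ok}")
```

The two checks are deliberately independent: a lookalike name with a well-formed ID is still a lookalike, and a malformed ID is a red flag even when the name is honest, so each verdict is reported alongside the other rather than folded into a single score.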