37,000 Chrome users duped by fake AdBlock Plus extension
Google let a fake AdBlock Plus extension sneak past its vetting processes and into the official Web Store for the Chrome browser.
Spotted by Twitter cyber security personality SwiftOnSecurity, the dodgy extension has been downloaded by some 37,000 people.
Google allows 37,000 Chrome users to be tricked with a fake extension by fraudulent developer who clones popular name and spams keywords. pic.twitter.com/ZtY5WpSgLt
— SwiftOnSecurity (@SwiftOnSecurity) October 9, 2017
The extension reportedly swamps infected people with adverts and opens up extra tabs without the permission of the user. But because the extension spoofs the legitimate Ad Blocker name, it has managed to dupe thousands of people into downloading it.
SwiftOnSecurity noted that fake extensions appear to get past Chrome’s bouncers and into the Google Web Store, which “smear” the efforts of developers to encourage the use of their legitimate extensions as the spoofed extensions damage their good reputations.
How much trouble the fake AdBlock extension has caused has yet to be seen, but it’s worrying how spammers and cyber criminals can fairly easily spoof legitimate apps and trick people into downloading them due to how legitimate they initially appear to be.
Malicious and fake extensions have long been a problem Google has been trying to stamp out with Chrome, having removed the ability to add extensions to the browser that were not hosted in the Chrome Web Store.
However, it would appear that there are still cracks in Google’s extension vetting and approval process for Chrome, despite narrowing down where such extensions can be downloaded from.
If you suspect an extension may not be legit, it’s worth checking the developer behind it and seeing if they are a genuine software maker or scammers in disguise.
Related: Best browser
Have you been the victim of a dodgy browser extension? Let us know on Twitter or Facebook.