This naughty Chrome extension is hijacking users’ searches
Google has axed a Chrome extension from its official Chrome Web Store after it was discovered that the extension was hijacking search engine queries, taking users from their search engine of choice and tossing them into the search wilderness, with pages full of toxic ads.
If you are one of the nearly 7,000 users of Chrome extension YouTube Queue, then you might have been affected.
Ostensibly, the extension allows users to queue up multiple YouTube videos, before replaying them in order upon later viewing. However, it also kept a beady eye on users search enquiries, and when they visited a search engine and typed in a request, they were snatched away and deposited on a search engine called “Information Vine” which is full of malicious advertising and full of both affiliate links and other somewhat sketchy ways to make money.
Related: Best VPN 2019
Cyber security fans might recognise Information Vine as a particularly grim bit of “malvertising” (that’s malicious advertising) spyware from Ask Media, which bounced all search traffic to its page.
Functionally, anecdotal reports from YouTube Queue users starting two weeks ago seem to indicate the same trick was happening then, when the first reports bubbled up on Reddit.
Eric Lawrence, a former Google Chrome developer who is now working on Microsoft Edge, posted a video showing the extension in action yesterday, before tweeting some details about the exploit and how it is being used.
As Lawrence points out, the malicious code causing the redirect is currently not shown on the extension’s GitHub repository, which makes sense, because that would be almost like admitting they were doing bad things in a public space.
The Register spoke to the original developer of the extension who claimed that he sold the extension several weeks ago, making it look like someone has hijacked the app, just like they hijacked users’ search engine requests. The fact that such an app has managed to stay in Google’s official Web Store while loaded with bad code is a whole other discussion that many web developers are now keen to get into.