It seems that a fake AdBlock Plus extension managed to sneak its way on to the Google Chrome webstore recently. A fraudulent developer managed to sneak the dodgy, adware filled extension past Google’s usual security checks, going on to affect 37,000 users.
The extension would place adverts rather than remove them and would also open up extra browser tabs without user permission. Since the extension copied the AdBlock Plus name, it managed to fool quite a lot of people.
The extension was first spotted by SwiftOnSecurity, which notes that this extension was created by a developer that regularly clones popular extension names/ key words to trick people into downloading dodgy software.
This latest issue has shown that there are some obvious cracks in Google’s vetting system for approved extensions. If you are installing a browser extension, then it is usually best to double check the developer behind it and look into it a bit more to be sure. Google has yet to comment on this issue but hopefully the company will use this opportunity to bolster security.
KitGuru Says: Fake extensions have been a problem for years, though they should be less common on Google’s own Chrome Web Store. Hopefully this will be an opportunity for Google to fill any gaps in its security going forward.