37,000 Chrome users downloaded a fake Adblock Plus extension
If you use Adblock Plus with Chrome and downloaded the extension pretty recently, you may want to check what you’ve installed. Apparently, a fake Adblock Plus extension made it through Google’s verification process and lived in the official Chrome Web Store alongside the real one. Google has taken down the phony listing after SwiftOnSecurity tweeted about it and put the company on blast, but by then, it has already been up long enough to fool 37,000 people. That’s a drop in the bucket for a service that has 10 million users, but it sounds like trouble for those who were unlucky enough to download it.
Google allows 37,000 Chrome users to be tricked with a fake extension by fraudulent developer who clones popular name and spams keywords. pic.twitter.com/ZtY5WpSgLt
— SwiftOnSecurity (@SwiftOnSecurity) October 9, 2017
Legitimate developers just have to sit back and watch as Google smears them with fake extensions that steal their good name pic.twitter.com/3Tnv4NtY9t
— SwiftOnSecurity (@SwiftOnSecurity) October 9, 2017
I’m being mean to Google because there’s no way their Chrome team is happy with this extension vetting/moderation situation.
— SwiftOnSecurity (@SwiftOnSecurity) October 9, 2017
SwiftOnSecurity says the fake extension was created by a “fraudulent developer who clones popular name and spams keywords.” Indeed, it’s pretty hard to tell that it’s fake, since its developer’s name is “Adblock Plus,” and it has a considerable number of reviews.
According to one of the fake Adblock’s reviewers, he started getting invasive ads that open lots of tabs after he installed it. Unfortunately, it’s unclear what else it can do or if it has even more detrimental effects that we still don’t know of. We asked Google if it has unearthed anything about the fraudulent extension, but even if we never hear back, it may be best to re-install Adblock Plus if you notice getting random ads after downloading it.
(49)