A fake Chrome extension for AdBlock Plus stayed online at the Chrome Web Store, fooling over 37,000 visitors into downloading it.
If you’ve installed the popular Chrome extension AdBlock Plus recently, you may want to check that you downloaded the legitimate version. For an undetermined amount of time, a fake AdBlock Plus extension fooled Google’s vetting process and made its way onto the Chrome Web Store.
Before the fake extension was detected by security company SwiftOnSecurity, it had been downloaded over 37,000 times.
The fake extension would have been difficult to spot, especially when compared to the real one. The logo, name and details were identical to the legitimate AdBlock Plus extension, and it even accumulated a number of reviews before being taken down.
Perhaps the only giveaway is that the real extension would have boasted over 10 million users, while the imposter version had only 37,000 at the height of its popularity.
What the fake extension did when installed is unknown, but many users complained of browser hijacking and unwanted pop-up adverts, meaning this may have been a type of malware known as adware. Luckily for the 37,000 downloaders, adware isn’t usually a particularly harmful type of malware, at least when compared to its more serious cousins like ransomware and keyloggers.
Of course, it’s frustrating when Google lets potentially harmful apps or extensions thrive in its web stores. Good security advice always instructs readers to download only from the official web stores of vendors – that advice is made redundant if those web stores frequently host malware.
This isn’t the first time dangerous software has thrived on Google’s web stores either. In March 2017, a malicious app that could steal a user’s Instagram login information found its way into the Google Play store. In May 2017, an estimated 36 million Android devices could have been infected with the Judy malware: 41 infected apps on the Google Play store could have led to a backdoor being installed on any device that installed them.