02 June 2019
A fake AdBlock Plus extension meant for Google Chrome browser has managed to trick over 37,000 users into installing it over the legitimate one. The situation becomes even more serious considering that this fake extension was available via official Chrome Web Store which means the culprit also fooled Google's security and verification process successfully.
This culprit extension was first spotted and brought to everyone's notice by an anonymous security expert who goes by the name SwiftOnSecurity on Twitter. In his tweet, he mentioned that the attacker fooled people by using the same name as the original AdBlock Plus extension as well as by spamming keywords.
Google allows 37,000 Chrome users to be tricked with a fake extension by fraudulent developer who clones popular name and spams keywords. pic.twitter.com/ZtY5WpSgLt— SwiftOnSecurity (@SwiftOnSecurity) October 9, 2017
The good news is that the fraudulent extension listing has now been removed from the Chrome store by Google. It is hard to tell whether it was aimed at collected private user data or at some other kind of malicious activity. But one of the reviewers of the extension on the store listing mentioned that he started to get intrusive ads which opened multiple tabs in the browser after the installation. It appears to be the same kind of experience as it happens on those sites which offer pirated materials for free download.
It is a relief that Google has taken measures to remove the extension from the store but considering that it managed to sneak into the store by fooling its security measures, it is indeed a major issue of concern. It is not the first time that a phony extension has made its way to the store and Google is yet to comment anything on the issue like how the extension managed to get passed its vetting process. We will keep you updated as soon as any official words are shared.