For those who use Adblock Plus alongside with Google Chrome web browser or recently installed its extension, here is some bad news for them. A fraudulent developer cloned fake Adblock Plus extension for Chrome and successfully bypassed Google verification process ending up getting over 37,000 downloads.
The extension remained available for download with the original one until it was removed by Google after getting alerts from SwiftOnSecurity, a researcher who tweeted that “Google allows 37,000 Chrome users to be tricked with a fake extension by a fraudulent developer who clones popular name and spams keywords.”
Google allows 37,000 Chrome users to be tricked with a fake extension by fraudulent developer who clones popular name and spams keywords. pic.twitter.com/ZtY5WpSgLt
— SwiftOnSecurity (@SwiftOnSecurity) October 9, 2017
SwiftOnSecurity bashed Google for its poor verification process that lets spammers compete with legitimate developers. “Legitimate developers just have to sit back and watch as Google smears them with fake extensions that steal their good name,” said the tweet.
Legitimate developers just have to sit back and watch as Google smears them with fake extensions that steal their good name pic.twitter.com/3Tnv4NtY9t
— SwiftOnSecurity (@SwiftOnSecurity) October 9, 2017
One of the users who downloaded the fake extension said that upon installing the extension, their browser was spammed with ads. However, it is unclear if it dropped any malware or other malicious payloads since the extension has already been removed.
Adblock Plus, on the other hand, has thanked SwiftOnSecurity for alerting users about fake AdBlock Plus extension. In their official blog post, Ben Williams of AdBlockPlus wrote that “We’ve been following this story carefully, and were pleased to see how quickly the false extension was kicked out. It’s a bit troubling, of course, that it made it in there in the first place. Because of this, we’ve stayed on top of would-be scammers for years now, so that you can trust what you’re getting is actually what you want.”
If you have installed the fake Adblock Plus, go to Chrome > More Tools > Extensions and make sure to check its developer’s credentials on Chrome web store.
This is not the first time when a Google Chrome extension has created havoc. A couple of months ago, 7 Chrome extensions were compromised by hackers to conduct malvertising campaign while Google’s security made a laughing stock of itself.
