Fake AdBlock Plus extension bypassed Google vetting, downloaded 37,000 times!

Its deja vu time for security experts after a researcher discovered the presence of a fake AdBlock Plus blocker that was essentially a sophisticated adware masquerading as a genuine Chrome extension.

The adware masquerading as an AdBlock Plus extension was being used by over 37,000 users before it was detected and taken out.

In a scathing commentary on Google's Chrome extension-vetting policy, a security researcher who uses the pseudonym @SwiftOnSecurity, revealed on Twitter that Google's lax vetting policy allowed over 37,000 Chrome users to be duped by an adware masquerading as the official AdBlock Plus extension.

'Google allows 37,000 Chrome users to be tricked with a fake extension by fraudulent developer who clones popular name and spams keywords.

YOU MAY ALSO LIKE:

'Legitimate developers just have to sit back and watch as Google smears them with fake extensions that steal their good name,' the researcher said in a series of tweets.

He added that the fact that Google allowed a fraudulent developer to create a fake extension by impersonating a genuine one, means that other fraudulent developers will also be allowed to do the same and commit fraud on both genuine developers as well as Chrome users.

The fake AdBlock Plus extension didn't block any ads but in fact opened new tabs to show ads to users. The same was observed by many Chrome users who reported the extension's abnormal behaviour on the extension's review page.

The malicious extension was possibly able to bypass Google's Chrome extension-vetting process because extensions are only looked into by Google's security teams when they are reported by users or other concerned researchers. After SwiftOnSecurity unmasked the fake AdBlock Plus extension, Google removed it from its extensions store.

Deja vu

Security researchers are well aware of how hackers are now exploiting the trust that consumers place on genuine programmes to inject their devices with malware. The fake extension exploit now reminds us of how, in May, hackers created a fake web app named 'Google Docs' to gain access to users' contacts lists and email accounts.

Given that such exploits are increasing by the day, Chrome users would do well not to place the responsibility for their security and privacy on Google alone, but should inspect extensions and read their reviews before downloading them to avoid being victimised by phishing attempts.

'While the underlying issue around the popularity of this fake extension lies with Google, due to it allowing more than one extension of the same name to pass its controls, and its automated processes, the bulk of the responsibility has to lie with the users who installed it.

'Keyword stuffing in the extension’s description and revealing user reviews should have been sufficient to raise a huge red flag in front of anyone who did the most basic of checks before clicking on the ‘Add to Chrome’ button,' says Lee Munson, Security Researcher at Comparitech.com.

'This is one of those particular times when reading the reviews could have stopped anyone being a victim, but the extension is probably so well known the very name itself would have pushed your mouse pointer to the install button without even checking the reviews.

'We like the idea of apps and programs to automate certain tasks but the moral of this story is always have a browse through the last few reviews- there just may be something to alert you to a problem or even inform you of a “new” feature you may not like or want. Do not completely rely on word of mouth, or you may end up installing something malicious,' says Mark James, Security Specialist at ESET.