We’re often assured that programs on official online stores are safe, but there are times when malicious software can slip through the cracks and appear as legitimate products. The latest example involves the Chrome Web Store, where a fake Adblock Plus extension was downloaded over 37,000 times before being removed.
The excellent cybersecurity expert who goes by the Twitter name SwiftOnSecurity discovered the phony extension, which has since been taken down by Google. It fooled people into thinking it was the real deal by mimicking the original Adblock Plus page, only with a capital “B” in the title and using a different developer name.
One element that made the extension stand out as a fake was the numerous keywords in its description, placed there in the hope that the listing would appear in unrelated search queries. Some users also left reviews pointing out it was a fraud that brought invasive ads and opened tabs without permission.
"Google allows 37,000 Chrome users to be tricked with a fake extension by [a] fraudulent developer who clones popular name and spams keywords," tweeted SwiftOnSecurity. "Legitimate developers just have to sit back and watch as Google smears them with fake extensions that steal their good name."
Tweet by SwiftOnSecurity (@SwiftOnSecurity), October 9, 2017.
Google clamped down on malicious software in 2015 by stopping Windows and Mac users from downloading Chrome extensions not hosted on the Chrome Web Store. Google said the move resulted in a 75 percent drop in the number of customer support help requests for uninstalling unwanted extensions.
A similar naming technique was used in a sophisticated phishing attack earlier this year. It consisted of a third-party web app named Google Docs that tricked users into handing over access to their contacts and Gmail.