Some 37,000 people downloaded a spam version of the "AdBlock Plus" extension from Google after a fraudulent ad blocking extension snuck through Google Chrome's verification process and appeared in the Chrome Web Store yesterday.
It's easy to see why Google (and some 37,000 people) were tricked — the developer who packaged the adware into an extension used the name of an already popular and legitimate extension, AdBlock Plus.
SEE ALSO:Whoops, a hacker found a way to steal your passwords from macOS High SierraAdditionally, the bogus page in the Chrome store came with reviews. In short, the fraudulent extension looked pretty realistic. Twitter user SwiftOnSecurity, who regularly tweets about web security, posted an image of the devious extension:
Google allows 37,000 Chrome users to be tricked with a fake extension by fraudulent developer who clones popular name and spams keywords. pic.twitter.com/ZtY5WpSgLt
— SwiftOnSecurity (@SwiftOnSecurity) October 9, 2017
Google eventually caught wind of the breach and removed the deceitful adware, but it remains unclear just how harmful the malware is for those who already downloaded the extension. At least one unfortunate user says they're being hit with ads. In a screenshot of a review, posted by SwiftOnSecurity, the user states that the "instant this was added to Chrome started getting invasive ads with high volume levels opening new tabs."
Though Google took down the adware, SwiftOnSecurity was unimpressed by Google's failure to stop this malware from sneaking through and ending up conspicuously displayed in the Chrome store in the first place:
Legitimate developers just have to sit back and watch as Google smears them with fake extensions that steal their good name pic.twitter.com/3Tnv4NtY9t
— SwiftOnSecurity (@SwiftOnSecurity) October 9, 2017
The 37,000 infected users probably hope this public shaming further motivates Google to buffer the Chrome store's verification process. After all, malicious developers will only get more inventive if the problem isn't fixed.
TopicsCybersecurity
(责任编辑:焦點)
Hiddleswift finally followed each other on Instagram after 3 excruciating days
Draw yourself as Benedict Cumberbatch's imaginary date because that's not creepy at all
Breast cancer survivor gets tattoo over scars, ends up falling in love with the artist
Health experts are worried about more quarantines under President Trump: Here's why
Photos show the Blue Cut fire blazing a path of destruction in CaliforniaSingapore gets world's first driverless taxis
SINGAPORE -- The world's first self-driving taxis started picking up passengers in Singapore on Thur
...[详细]Twitter is burying Moments as it bets on live video
Twitter's apps will no longer have a dedicated tab for Moments. In its place, the company is adding
...[详细]Bride perfectly trolls her groom in a ridiculous T
"First look" wedding pictures are usually some of the most beautiful pictures from any couple's nupt
...[详细]Google I/O 2017 dates are revealed by this freakishly hard puzzle
Google's annual I/O developer conference will take place May 17 - 19 at Shoreline Amphitheater in Mo
...[详细]
The group behind a growing list of celebrity social media breaches has struck again, this time takin
...[详细]WhatsApp is testing a feature that lets you 'revoke' unread messages you sent prematurely
Soon, you may be able to take back your drunk or needlessly angry texts on WhatsApp.The Facebook-own
...[详细]This country wants to pay people to use the loo
India has tried every rule in the book to improve sanitation conditions in the country, but a new sc
...[详细]Amazon's getting serious about its delivery ambitions with a $1.4 billion hub
Amazon's delivery has a home: Kentucky. The tech giant will build a $1.39 billion hub for delivery s
...[详细]Chinese gymnastics team horrifies crowd with human jump rope
