Firms buy popular Chrome extensions to inject malware, ads

Firms buy popular Chrome extensions to inject malware, ads

Summary: Are adware companies offering lucrative deals to acquire popular Chrome extensions -- and the trust of an extension's users?

SHARE:
TOPICS: Google, Browser, Security
5
Screen Shot 2014-01-20 at 10.21.21
Credit: Google

Browser extensions can improve the functionality and intuitiveness of your surfing, but can also be used to serve ads and inject malware in to personal computers -- a facet of their development companies are now exploiting.

Often, browser extensions are free to download and can easily be added to browsers including Firefox and Google Chrome. However, once installed, extensions can also render advertisements that generate income for authors, as well as exploit security loopholes to infect your PC with a number of problems including malware -- and a popular add-on holds the possibility of infecting large numbers of users at the same time.

If adware and malware firms find a popular extension that already comes complete with a large, trusting user base, there is money to be made, as the developer of extension "Add to Feedly," Amit Agarwal, discovered. As reported by Omg Chrome, the developer, whose product has over 30,000 users, was approached by an individual who wanted to purchase the add-on.

Amit explained that the extension, which took no more than an hour to build, was worth 4-figures to the individual. That kind of figure would tempt most of us, and after selling the ownership of the add-on, an update included a new "feature" -- advertising.

"I transferred the ownership of the extension to a particular Google Account," Amit said. "A month later, the new owners of the Feedly extension pushed an update to the Chrome store. No, the update didn’t bring any new features to the table, nor contained any bug fixes. Instead, they incorporated advertising into the extension."

While there is an option to 'turn off' adverts, user reports suggest this is no more than a dummy setting, and were therefore left with no choice but to uninstall the extension. Ad injections without context are against Google's policies, and so the add-on has now vanished from the store.

Users who realized their browsing was affected by spam, embedded affiliate links and pop-up ads due to the extension complained heartily on the Google Web Store, which brought the changes to the developer's attention. However, now ownership was transferred, there is nothing the developer can do except see his work changed into a revenue-generating piece of adware.

Sadly, this is not an isolated incident, suggesting that we need to keep a better eye on our extensions and despite trust levels, removing them immediately if suspicious behavior emerges. On Reddit, a developer of voucher code finder Honey -- a Chrome extension with over 700,000 users -- said he was also approached by a number of malware companies trying to purchase the software. Although every offer was turned down, some firms offered up to six figures a month.

Topics: Google, Browser, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

5 comments
Log in or register to join the discussion
  • Rideing the Trojan Horse the next wave of malware

    Gets installed using stealth and deceptive practices opening the doors for the attacking army.
    greywolf7
  • Nothing new there.

    It is one of the reasons some vendors disable plugins.
    jessepollard
  • Stopped using plug-in

    If they are not developed by the browser vendor, I have gotten away from installing plug-ins.
    Rann Xeroxx
    • good advice

      adobe plugins I understand, some no name company? stay away!
      DontUseGoogleAtAll
  • Internet Explorer

    Modern versions of Internet Explorer can be locked down like Fort Knox. I use IE after tweaking the security settings some to make it a bit more resilient. I also employ a hosts file from:

    http://winhelp2002.mvps.org/hosts.htm

    which blocks most 3rd party content (ads, flash ads, tracking cookies etc. etc.).

    Chrome is spyware.
    Time Agora