While Microsoft doesn't have enough extensions for its browser, Google has too many unwanted ones. An extension that tried to mimic the popular Adblock Plus extension was not only allowed into the Chrome Web Store, it was also taken down only after 37,000 users had already downloaded it.
Making matters worse, Google removed it only after an anonymous cyber security account on Twitter noticed it and brought it to the company's attention. The extension had the same name as the official Adblock Plus - which has more than 10 million users - except for a capitalised 'b'. It also used the same logo and spammed the relevant keywords in its description to steer users toward itself when they searched for the real extension.
Google allows 37,000 Chrome users to be tricked with a fake extension by fraudulent developer who clones popular name and spams keywords. pic.twitter.com/ZtY5WpSgLt
— SwiftOnSecurity (@SwiftOnSecurity) October 9, 2017
It's unclear if the extension was malicious and what, if any, personal data it may have stolen from the users who were unfortunate enough to fall for the ruse.
@SwiftOnSecurity also pointed out that this is not the only instance of such a blunder: fraudulent extensions like this, which are apparent clones of more popular extensions, are regularly allowed onto the Web Store, unhindered by the company's vetting process. Indeed, not only is this not the only case of a fake extension disguising itself as another, it's not even the first time an extension has tried to mimic Adblock Plus.
Google itself was the victim of a similar name-spoofing scheme earlier this year, when attackers used an app named Google Docs to carry out a phishing attack. The company promised at the time to put measures in place to prevent this kind of thing from happening again, but five months later the problem persists.
Source: @SwiftOnSecurity via The Verge