A fake AdBlock Plus extension made its way to Chrome’s official Web Store and was downloaded 37,000 times by users across the globe. Google removed the listing after it was spotted by a security researcher going by the handle of @SwiftOnSecurity, who shared his discovery on Twitter.
Google allows 37,000 Chrome users to be tricked with a fake extension by fraudulent developer who clones popular name and spams keywords. pic.twitter.com/ZtY5WpSgLt
— SwiftOnSecurity (@SwiftOnSecurity) October 9, 2017
The extension looked like the real deal, so it’s no wonder that it fooled so many people. However, it’s quite strange that it got past Google’s verification process, especially considering that AdBlock is a well-known service with over 10 million users and already has an extension in the Chrome Web Store.
There’s no word on whether or not the extension is malicious, but one can assume that the developer didn’t create it just for fun. So if you’ve recently downloaded it, the best thing to do is to uninstall it, and then download the real one from the Chrome Web Store.
Google has always had problems with malicious Chrome extensions. Back in 2015, it blocked users from downloading extensions that were not listed in the Chrome Web Store, which proved to be the right decision. The company said at the time that it received 75 percent fewer support requests from users regarding unwanted extensions.
Google is working hard to prevent fake Chrome extensions from appearing in the store, but it still has a long way to go. Although it can be difficult, if not impossible, to spot every one, it’s clear that the company has to upgrade its verification process to further minimize the chances of malicious software making its way to the Chrome Web Store.