Fake Adblock Plus Extension With Over 35k Users on Chrome Web Store
A fake Google Chrome extension with the name “Adblock Plus” was recently removed from Google’s official browser extensions gallery, the Chrome Web Store (CWS). A screenshot shared by Twitter user @SwiftOnSecurity reveals that it had more than thirty five thousand active users. Surprisingly, it had 4-stars average rating on the store.
The developer of this extension had named it after the most popular browser extension ever, the Adblock Plus by Wladimir Palant of AdblockPlus.org. Extension’s description on the CWS was filled up with the names of other popular browser extensions and games like EditThisCookie, uBlock Origin and Canvas Rider. These two signs confirm malicious intentions of the developer behind it.
This extension is no longer available on CWS, so I can’t check its source code, but I suspect that it was involved in bitcoin mining. Putting cryptocurrency mining scripts on websites, apps and extensions seems to be the latest trend among unethical developers and webmasters. Recently, a such script was discovered even on The Pirates Bay. Thankfully, there are ways to block such scripts but these are not very effective as only popularly known mining services can be discovered and blocked by such tools.
The above incident raises security and privacy concerns for the Chrome users once again. Chrome team doesn’t manually review extensions, apps and games uploaded to the CWS. This could be a serious threat, like in above example, as a developer can easily distribute malicious and spammy items through CWS.
On the other hand, Mozilla team manually review every Firefox extension uploaded to its add-ons gallery. This ensures that no extension is involved in any kind of unethical activity. The good news here is that Mozilla has moved to the WebExtension APIs – which is based on the Chrome extensions APIs. This means that the WebExtension-based Firefox extensions should be compatible to Chrome and other similar browsers. Currently, Mozilla provides Firefox extensions in .XPI format, while Chrome supports .CRX format for extensions. Another big obstacle is that Chrome allows installation of extensions only from the CWS (users need to enable Developers Mode in order to sideload).
(Image Credit: @SwiftOnSecurity)