Google Chrome Store Removes Fake Ad Blocker After 37,000 Downloads


The anonymous researcher, who uses the pseudonym SwiftOnSecurity, said the fraudulent extension posed as AdBlock Plus, a popular browser add-on with more than 10 million users.

It's unclear how the fake app made it through Google's verification process, which should be the first layer of protection against malicious web apps.

An extension that tried to mimic the popular Adblock Plus extension was not only allowed into the Chrome Web Store but was also taken down only after more than 37,000 users had already downloaded it. The extension in question is AdBlock Plus; its fake version looks the same as the real one and is presented similarly.

The anomaly was detected by the security personality SwiftOnSecurity, who first brought it to Google's notice.


Aside from the errant capitalization, the only difference between the two programs was that the fake ad blocker was classified as an app rather than an extension.

It appears that the "fraudulent developer" behind the fake extension managed to spoof the store's ranking algorithm by spamming the listing with keyword hashtags. By adding a number of unrelated keywords to the extension's description, the scammers were able to make the extension pop up in search results for any number of popular queries. Instead of having ads blocked, one user got blasted with ads, and the extension also started to open several tabs on its own. The real version is titled "Adblock Plus" with the lowercase "b" and is offered by the developer adblockplus.org (the fake version was offered by "Adblock Plus").
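The three differences described above (title capitalization, the "offered by" field, and app versus extension) can be checked mechanically when auditing store listings or an installed-extension inventory. The following is an added example, not code from the original article or from Google; the record fields `name`, `offeredBy` and `kind`, the trusted list and the sample listings are all constructed assumptions.

```javascript
// Trusted reference entries (constructed from the details given in the article).
const TRUSTED = [
  { name: "Adblock Plus", offeredBy: "adblockplus.org", kind: "extension" },
];

// Case-fold and drop everything except letters and digits, so that
// "AdBlock  Plus" and "Adblock Plus" compare as the same title.
function normalizeName(name) {
  return name.normalize("NFKC").toLowerCase().replace(/[^\p{L}\p{N}]+/gu, "");
}

// Returns the reasons a listing looks like an impersonation of a trusted
// entry; an empty array means it is the genuine item or an unrelated one.
function checkListing(listing, trusted = TRUSTED) {
  const reasons = [];
  const key = normalizeName(listing.name);
  for (const t of trusted) {
    if (normalizeName(t.name) !== key) continue; // unrelated title
    if (listing.offeredBy !== t.offeredBy) {
      reasons.push(`publisher "${listing.offeredBy}" is not "${t.offeredBy}"`);
    }
    if (listing.kind !== t.kind) {
      reasons.push(`listed as ${listing.kind}, expected ${t.kind}`);
    }
    // A spelling or case difference only matters once another check failed.
    if (reasons.length > 0 && listing.name !== t.name) {
      reasons.push(`title "${listing.name}" differs from "${t.name}"`);
    }
  }
  return reasons;
}

// Keep only the listings that produced at least one reason.
function audit(listings, trusted = TRUSTED) {
  return listings
    .map((listing) => ({ listing, reasons: checkListing(listing, trusted) }))
    .filter((r) => r.reasons.length > 0);
}

// Constructed sample inventory: genuine item, lookalike, unrelated item.
const sampleListings = [
  { name: "Adblock Plus", offeredBy: "adblockplus.org", kind: "extension" },
  { name: "AdBlock Plus", offeredBy: "Adblock Plus", kind: "app" },
  { name: "Some Other Tool", offeredBy: "example.invalid", kind: "extension" },
];

for (const { listing, reasons } of audit(sampleListings)) {
  console.log(`SUSPECT: ${listing.name}: ${reasons.join("; ")}`);
}
```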

Situations like this happen because the process of uploading extensions to the Chrome Web Store is automated and Google employees only intervene when an extension is reported. Something similar happened two years ago, in 2015.
