Chrome extensions being bought out by malware vendors in order to peddle malicious updates

Jett Goldsmith

Recently, malware vendors have been purchasing popular Chrome extensions in order to distribute malicious code, adware and malware to every user of the extension.
According to ArsTechnica, the danger lies in Chrome’s ‘silent updates’: Google designed Chrome specifically to be smooth and noninvasive, which means silently updating browsers and extensions without a hitch. But it also means that users aren’t told when ownership of an extension is transferred to another company – so they’re left in the dark if a malicious vendor suddenly decides to push dangerous updates.
And as it turns out, exactly that has been happening. Adware vendors are purchasing popular extensions and subsequently pushing out silent updates filled with malicious and invasive code to users’ browsers. This was experienced firsthand by the developer of the popular ‘Add to Feedly’ extension: A mysterious buyer approached him and offered him a four-figure sum to transfer ownership of the extension that he had developed. When he took them up on their offer, the new owners pushed out an update which pumped the extension full of adware, leaving the extension’s 30,000 users at the short end of the stick with potentially compromised browsers. 
This exact scenario has happened to plenty of other Chrome extension developers as well, and as its prevalence increases, users may find it difficult to properly diagnose and remove the compromised extensions. Since most virus scanners don’t mark adware-filled Javascript as malicious, figuring out which extension is causing the problems may be difficult. And since Chrome syncs account data across all devices, a malicious extension downloaded on your laptop will also have to be deleted from your desktop – and your phone, tablet, and Chromebook.
The internet certainly isn’t a novice to this sort of malware. A few weeks ago, Yahoo confirmed that some of the ads on its site were filled with malicious code – and even Google is aware of the issue,implementing ‘malware detection’ into a beta browser back in November. But as the Chrome web browser becomes more and more popular, the prevalence of folks looking to harm your computer and steal your personal information will certainly increase in turn.
Source: ArsTechnica | Images via Shutterstock (Hex Code), ArsTechnica
Shopping Cart
Scroll to Top