A fraudulent Adblock Plus extension managed to bypass Google's verification process and became available for a certain period on the official Web Store, according to reports.
It was eventually pulled down, but it stayed there long enough to fool 37,000 people.
Fake Adblock Plus Hits The Chrome Web Store
SwiftOnSecurity, an anonymous cybersecurity personality, called attention to the fake Adblock Plus on Twitter, pointing out that imposters, like the fake Adblock Plus, seem to keep on bypassing Google's evaluation process and ending up on the official store.
This kind of situation leaves many Chrome users highly vulnerable. Many of them probably trust that anything in the official Web Store has already been through Google's rigorous security checks - hence, that it is safe to download.
So, here's what happened: a developer whose name is "Adblock Plus" created an extension that looks exactly like the real Adblock Plus extension, complete with the logo and other visual elements. While live, it was downloaded 37,000 times, but it remains unknown if it was malicious or if it compromised any type of user data.
SwiftOnSecurity says the fake Adblock Plus was created by a "fraudulent developer who clones popular name and spams keywords." True enough, it was pretty hard to tell that the extension was fake, especially since it already had a number of reviews.
According to one reviewer, after installing the fake Adblock Plus he was swamped with invasive ads that opened several tabs all at once. But beyond that, it remains unclear what damage it might have caused the 37,000 people who downloaded it.
Fake Google Chrome Extensions
As The Verge notes, lots of users had problems with fake Google Chrome extensions in the past. That's why, in 2015, Google disallowed Windows and Mac users from getting extensions from third parties, or in other words, those not hosted directly inside the official Chrome Web Store. The move was intended to prevent users from downloading malicious software onto their computers. After doing so, Google claimed that it saw a 75 percent drop in the number of support requests for removing unwanted extensions - for Windows users, at least.
It's not clear exactly what allowed the fake extension to bypass Google's vetting process for the Chrome Web Store. In addition, the company has yet to address how easy it is for fraudulent developers to pop up on the store with extensions posing as legitimate ones.
How To Check If You Downloaded The Fake Adblock Plus Extension
Again, the fake extension has since been pulled from the Chrome Web Store, but for those worried that they might have downloaded it while it was still live, here are a few things worth looking into:
• Check if "Adblock" is spelled with an uppercase or lowercase "b." If it's uppercase, it's probably fake. Lowercase means it's legit, as Neowin points out. Bear in mind that this is the app name, not the developer name.
• The original developer of Adblock Plus is adblockplus.org, while the developer of the fake one is simply called Adblock Plus, with a lowercase "b."
• For users who recently downloaded Adblock Plus and want to make sure it's not the fake one, simply uninstall it from Chrome and go to the legitimate Adblock Plus extension page and install it again. Done.