Google’s own Chrome Web Store repository has been found to feature a counterfeit AdBlock Plus extension which infected thousands of users. This is a yet another incident involving Google Chrome’s repository which is being abused constantly by computer hackers.
Chrome Web Store Hosts Fake AdBlock Plus Extension
Uploading counterfeit web extensions on software repositories or hacker-controlled sites is one of the most popular ways of infecting users on a global scale. The criminals frequently resort to this tactic and continue to use it even after the web hosts and companies constantly add new measures to block this practice. However this is not always always effective as the hackers use fake credentials which are usually gained from stolen data and abuse the comments system to try and create a false reputation.
The latest high-impact example is the Chrome AdBlock Plus extension which is one of the most popular items in the software repository. Security experts discovered that a criminal collective has been able to infiltrate the store and added their own malware entry which mimics the original in a way that makes it virtually impossible to distinguish by ordinary computer users. They have resorted into using slight name changes (a capitalized “B” letter) and the same image and text description to fool the users into thinking that their copy is the legitimate software. By the time it has been reported the security experts note that the item has been downloaded more than 37 000 times.
Fake AdBlocker Plus Extension Capabilities
A successful installation of the rogue AdBlock Plus can lead to malware infections with different types of viruses. Depending on the attack wave configuration the extensions can lead to several different kind of malware intrusions:
- Ransomware ‒ As one of the most popular types of computer viruses this category of threats usually follow a predefined sequence of commands. Their goal is to encrypt sensitive user and system files and then extort the users for a “restore” fee. The sum is usually in a crypto currency (such as Bitcoin) which makes the transactions practically untraceable.
- Browser Hijackers ‒ This is the second type of popular computer viruses. They aim to change important settings of the victim browsers, the goal is to redirect the users to a hacker-controlled site. This is done by modifying the default home page, search engine and new tabs page, along with other related settings. Most of them also retrieve stored data such as the history, cookies, bookmarks and passwords.
- Trojans ‒ They are used to spy on the users activities in real time and can overtake control of the victim computers at any given time.
The fake Adbock Plus extension has been removed from the Google Chrome Store. However we expect that future strains will also be uploaded as part of the hackers array of attacks. As such we recommend that all computer users protect themselves by using a quality anti-spyware solution. It It can also effectively remove found infections with a few mouse clicks.
Spy Hunter scanner will only detect the threat. If you want the threat to be automatically removed, you need to purchase the full version of the anti-malware tool.Find Out More About SpyHunter Anti-Malware Tool / How to Uninstall SpyHunter
Martin Beltov
Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.
Follow Me: