The tech giant has pulled rogue malware-serving extensions from its Chrome web store after they were found to hijack links and serve intrusive advertising.
Both extensions were initially legitimate instruments to connect to Twitter and the RSS service. However, they were later bought and subverted by entities selling invasive advertising. Those companies used the extensions in question as a platform to hijack Google searches, redirect links to ads and serve intrusive adverts to unsuspecting users.
Chrome extensions are normally used to add certain functions to a web browser, like apps do with a mobile phone. Browser extensions may add new features or remove others – for example, block adverts or add quick links to other services like Twitter and Facebook. Chrome web store policy prevents developers from inserting ads on more than one part of a page, but it turned out that invasive adware has made use of the automatic update feature of the browser. The latter allows Google Chrome and its extensions to be silently updated in the background without human interaction.
“Add to Feedly” creator admitted that he had sold his extension to someone for an undisclosed small price – four-figure offer for something that had taken just one hour to create. Now the unknown buyer added code into Feedly and silently installed it on users’ machines via the update mechanism, to start serving invasive adverts while people are surfing the web. The same happened with another small extension known as “Tweet This Page” – it was also silently altered to serve adverts, redirect links and hijack Google searches.
In the meantime, developers of larger extensions confirmed that they have also been approached in a similar manner by various companies, which were looking for extensions and user data. Browser’s extensions which access a webpage’s content require user’s permission upon install, and it is used by the malware developers to inject adverts into pages without people knowing.
Once installed, the malware can’t be detected via traditional means – by anti-malware or antivirus software. Therefore, it can only be removed by uninstalling the Chrome extension, but for many users it’s not easy to find the cause of the problem.