Chrome extensions have allowed us to have a great deal of flexibility in what features we can have in Google’s flagship browser. It seemed like manna from heaven, an alternative to the toolbars and plugins from the past. With one simple click, bam! You have a new card on your deck of widgets made by a third-party developer.
Many of us took this for granted, and the system started to take a turn south. There’s one price to pay for adding extensions willy-nilly: you might have a fake one that acts as malware, and it might just be an ad-blocker you thought would protect you!
The Discovery
It wasn’t until April 17, 2018, when someone decided to peek into Chrome’s enormous repository of ad-blocker extensions and look for knock-offs that are harmful. The company to do it was AdGuard, and it found that over 20 million people were using these plugins with nary any idea that they were malicious.
Some of these have names like “Superblock” or “AdRemover for Google Chrome™,” which sound somewhat legitimate. Even worse, many of them have thousands of five-star reviews, giving them an air of credibility due to an illusion that portrays an extension used by many people who were satisfied with their experience.
The “AdRemover” extension alone has over 10 million users.
Although these extensions appear to remove ads, they also collect personal data on their users and sometimes even change the appearance of some sites. AdRemover gains privileged access to Chrome and uses jQuery to inject potentially malicious code. At this time, it does nothing with it, but it is basically a cocked gun waiting to shoot.
Thanks to efforts from the folks who discovered these fake extensions, Chrome’s web store has deleted all five plugins that were out there. Still, that doesn’t mean that there won’t be more in the future!
How Do I Protect Myself?
This is a tough one to answer since there’s no real way to absolutely guarantee that what you’re downloading isn’t some useless malware. However, we can always use the AdRemover case to make a point.
The plugin “AdRemover for Google Chrome™” was supposedly developed by the AdRemover team. But when we go to the real Ad Remover website (notice the space between the two words), we find a semi-professional website made by some folks who provide both a free and a not-so-free version of their Chrome extension. So far, so good. But that still doesn’t guarantee that this isn’t just some other fake software scheme.
Going even further, we look at their “Contact Us” page, and we find a registered company entity (Ad Remover, LLC), an address, an area code, a phone number, and some operating hours. A quick Google search brings us to their Better Business Bureau page, where we find that Ad Remover, LLC is indeed a registered company with that phone number and the right address. We also find out that it’s been in business for two years.
It has an A rating and nineteen positive customer reviews. Seems legit!
Here’s the crux of the matter: Try searching online for “AdRemover” (without the space between the words). You’ll find the fake extension’s Chrome Web Store page (which leads nowhere now since Google removed the extension), and that’s about it. If you’re searching for this far from the time this article was published, you might not even find that page.
This brings us to one solid point: Most malicious ad removal extension creators are too lazy to make entirely new websites. They will instead usurp the identities of other developers (e.g. “AdRemover” vs. “Ad Remover” and “uBlock Adblocker” vs. “uBlock Plus Adblocker”). Others will not even make a website for their extensions (Superblock being a great example of this).
Do not trust, do not verify; just go and find the legitimate website and activate the extension from there. Or if you’re anywhere near as lazy as I am, search for what’s popular, find the legit source for it, then slap it on.
This particular method for investigating extensions will work best to combat fake ad blockers (and maybe a few other niches). However, there are other types of malicious extension creators that might go through the full effort of making a legitimate-looking website. This might happen, for example, as part of an investment scheme or other type of scam.
Do you have any other tips for sniffing out fake extensions? Tell us about them in a comment!
