Browser extensions are extra features and functionality that you can easily add to Google Chrome, Firefox and other popular Browsers, but they can be used to serve malicious adware, which automatically renders advertisements in order to generate revenue for its author.
Hackers are now taking their business rather more seriously than we thought. Even a single instance of malicious adware on your PC can inject bad ads or malware to your browser.
Ads are a legitimate way to monetize. However, creating and spreading a fresh add-on to get a large user base is always tough, but now adware companies found a new trick i.e. Buying trusted browser extensions with a large user-base and exploiting their auto-update status to push out adware.
Recently, the developer of 'Add to Feedly' Chrome extension with 30,000+ users, Amit Agarwal, was approached by some mysterious buyers. "It was a 4-figure offer for something that had taken an hour to create and I agreed to the deal," he said.
"I transferred the ownership of the extension to a particular Google Account. A month later, the new owners of the Feedly extension pushed an update to the Chrome store. No, the update didn't bring any new features to the table, nor contained any bug fixes. Instead, they incorporated advertising into the extension."
Google updates chrome extensions silently in the background, and majority of the users would not be able to notice the changes. But when Google Chrome is affected by adware, you may experience frequent pop-up ads and redirection to malicious domains.
"These aren't regular banner ads that you see on web pages, these are invisible ads that work the background and replace links on every website that you visit into affiliate links."
Ad injections are not in violation of the Chrome Web Store program policies, but it must be presented in the context of the extension or, when present within another page, ads must be outside the page's normal flow and clearly state which extension they are bundled with.
After reviewing Amit's extension, now Google has finally removed it from the Chrome web store. If your browser is also infected with Adware or any other type of malicious software, check your browser add-ons and extensions regularly, disabling those you don't use and those that look suspicious.
After reviewing Amit's extension, now Google has finally removed it from the Chrome web store. If your browser is also infected with Adware or any other type of malicious software, check your browser add-ons and extensions regularly, disabling those you don't use and those that look suspicious.
