ONLINE SHOPKEEPER Google has removed two apps from its Chrome Web Store after it was found that they were infected with malware.
The two apps, Add To Feedly and Tweet This Page, were previously reputable, but had been bought by unscrupulous parties who took advantage of the apps' good reputations.
The scam is simple enough. A developer writes an app and spends a lot of time building up good reviews in the Chrome Web Store. The scammer then comes forward as an investor and offers to buy the app in order to take it to the next level. He then takes advantage of Chrome's auto-update facility, which is on by default, by creating a malware-infested version of the app and pushing it out to trusting users.
Add To Feedly developer Amit Agarwal told readers on his blog, "The extension does offer an option to opt-out of advertising (you are opted-in by default) or you can disable them on your own by blocking the superfish.com and www.superfish.com domains in your hosts file but quietly sneaking ads doesn't sound like the most ethical way to monetize a product. It was probably a bad idea to sell the Chrome add-on and [I] am sorry if you were an existing user. Meanwhile, you can switch to the Feedly bookmarklet for the adware-free experience."
The co-author of Honey, another popular add-on for Chrome that silently scans for valid coupon codes as you shop, told Reddit that he had been approached on multiple occasions by hackers wanting to do the same thing with his app.
He said, "Usually [they] start with an email and progress to a call. I've spoken to a few on the phone and they sound just like normal people proposing a business deal. I'm sure they've justified what they do in their own mind so they don't sound shifty or unsure at all. Mental gymnastics is an amazing thing."
The developer, who is known as gemusan, was keen to point out that Honey has not fallen prey to such a scam and continues to be a reputable app. Meanwhile, this practice appears to be increasing, and we might find that this is just the tip of the iceberg. µ