SECURITY EXPERTS have warned of a phony browser extension masquerading as Adblock Plus and serving users invasive online ads when it was supposed to be blocking them.
SwiftOnSecurity warned of the fake extension via Twitter on Tuesday, some time after it had managed to sneak into the official Google Chrome Web Store and attract over 37,000 users. By that time, the damage was done.
If you're wanting to know how to spot it, the only difference between the extension, called "AdBlock Plus", and the real deal is the capital B in the name. It also came from a developer who had called itself Adblock Plus, for that extra air of authenticity.
Legitimate developers just have to sit back and watch as Google smears them with fake extensions that steal their good name pic.twitter.com/3Tnv4NtY9t— SwiftOnSecurity (@SwiftOnSecurity) October 9, 2017
Since its discovery by SwiftOnSecurity, Google has removed the malicious extension, but that doesn't help those who have already downloaded it.
To see if you have the real Chrome extension or not, make sure it's from adblockplus.org and that it's listed as an extension in the store, and not an app.
Those who have downloaded the fake version can easily delete it, however. All you have to do is go to the hamburger menu on Chrome, click "More tools", then select "Extensions" and click on the trashcan icon next it.
The fact that the extension was able to infiltrate Google's security raises concerns for the future, as to how the company will prevent similar add-ons from doing the same
"There's no way their Chrome team is happy with this extension vetting/moderation situation," SwiftOnSecurity tweeted.
In a blog post, the real Adblock Plus added it was glad the fake extension was pulled down, but added: "It's a bit troubling, of course, that it made it in there in the first place."
Google is yet to comment as to why it wasn't able to distinguish the difference between the genuine and phony extensions. µ
Welcome to the dystopia Black Mirror warned us about
Microsoft in 'more helpful' shock
A whole new way to be tied to your ISP
Search giant puts Epyc chips at the heart of its datacentre servers