Fake web extensions with ‘real’ names
What’s the threat?
Hackers created a fake ad-blocking browser extension for Google Chrome that pretended to be an official product from the popular Adblock Plus (used on about 100 million devices).
It was listed in the Chrome Web Store with the same logo – ‘ABP’ in a red stop sign – and used the same keywords so people would find it when searching for the real extension. On the surface the only difference was a capital ‘B’ in the name (see screenshot). The fake extension even had a good star rating – four out of five - and over 150 reviews.
It’s not known what harm installing the extension did, though some people have said it displays intrusive adverts that open several tabs. Google removed the extension only after being told about it on Twitter, by which time over 37,000 people had installed it.
How can you stay safe?
Sadly, there’s no silver bullet against fake extensions. Staying safe means triple-checking the authenticity of an extension, ideally by contacting its developers.
Understandably, Adblock Plus’s developers were annoyed by the imposter, writing in a blog post ( www. snipca.com/25959) that it was “troubling”. They also gave instructions to check which version you have installed. Click Chrome’s top-right menu button (three vertical dots), ‘More tools’, Extensions, then look for Adblock Plus. Click the small blue ‘Details’ link, then ‘View in store’ in the box that appears, which – if you have the real version – takes you to Adblock Plus’s page in the Chrome Web Store.
To be totally sure, remove the extension by clicking the bin icon then re-installing it from https://adblockplus. org, or from the Chrome Web Store at www.snipca.com/25958. Google realises there’s a problem with nasty extensions, and has improved Chrome in response (see New Tools below).