Adware Spread Through Chrome Extensions

At least two Google Chrome browser extensions have been taken down after it became apparent that they were being used to spread adware. According to new reports, developers of popular Chrome add-ons were targeted by advertising firms looking to spread their adware and in return, the developers sold their apps for large sums of money.

Adware Spread Through Chrome ExtensionsAmit Agarwal recounted how he had been offered money via PayPal to hand over his Chrome extension for the Feedly RSS reader. Agarwal accepted and shortly thereafter, numerous users began to complain that installing the extension led to adware entering their computer.

Since this is obviously something that Agarwal did not expect, he says “It was probably a bad idea to sell the Chrome add-on and am sorry if you were an existing user.” This suggests that had he (and other developers who are in similar situations) known what the ad firms were going to do with the apps, they would have never sold them, even for the significant amount of money that they were offered.

The extension does offer an option to opt-out of advertising (you are opted-in by default) or you can disable them on your own by blocking the superfish.com and www.superfish.com domains in your hosts file but quietly sneaking ads doesn’t sound like the most ethical way to monetize a product. – Amit Agarwal 

The creators of an even larger Chrome extension, Honey, stated that they had also been approached by several adware and malware creators. One of the firms even offered a monthly six-figure income if they were allowed to co-operate the application. Unlike Agarwal, the creators of Honey decided to decline the offer in order to avoid doing shady business practices, although these offers are hard to refuse for some developers.

Although it is easy to install an extension or add-on for nearly any mainstream browser, removing adware that has been spread through them is tricky and can be a major annoyance for users. This level of annoyance was obvious in the comments section of some of the apps that had been turned over to the ad firms.

So far, Google has taken down two apps as a result of the adware (one of which was Agarwal’s) but there may be other applications that have been spreading adware as well.

Summary: Google has removed at least two applications from the Chrome Store. The developers of these extensions had accepted offers from adware creators to hand over the apps and in doing so, installing the add-ons infected computers with adware and malware.

Image Credit: thehackernews