Before Google noticed an error, the extension was downloaded by about 37 thousand users
The extension, imitating a popular tool for blocking Adblock Plus ads, was posted on the Chrome Web Store. Before Google noticed the error, the extension was downloaded and installed by about 37 thousand users.
It is noteworthy that Google removed the extension only after the anonymous cybersecurity researcher under the pseudonym @SwiftOnSecurity drew the company’s attention to a message on Twitter. The extension had the same name as the legitimate program Adblock Plus, used the same logo and had the relevant keywords in the description. The difference was only in writing of one letter (AdBlock Plus in the fake instead of Adblock Plus in the legitimate one).
It is currently unclear whether the extension had a malicious function and whether personal data of users who downloaded the fake were compromised.
@SwiftOnSecurity also noted that fraudulent extensions, which are obvious clones of more popular extensions, appear regularly in the online store Chrome. For example, in 2014, security researchers discovered a fake expansion of Evernote, which overwhelmed the users of the browser Google Chrome with unnecessary advertising by introducing JavaScript code into every page that the user visited.
Earlier in the code of the popular SafeBrowse 3.2.25 extension for the Google Chrome browser, a JavaScript script was detected, which forced browser users to crane crypto currency.