More Than 500 Rogue Chrome Extensions Removed

John Lister's picture

Google has removed more than 500 rogue Chrome extensions that were scamming both computer users and advertisers. Some rogue extensions have been operating for more than a year.

The rogue extensions were spotted by security researcher Jamila Kaya and Jacob Rickerd of Cisco. They used a Cisco security tool called CRXcavator that's specially designed to assess Chrome extensions. (Source: duo.com)

The pair worked on a project to try to spot common patterns of bogus extensions. They started by assessing "a few dozen" extensions they knew to be rogue and were able to use patterns to expose 70 rogue extensions. (Source: sophos.com)

They then passed the details on to Google, which used the information to check through its entire catalog of extensions. The result: more than 500 rogue extensions were removed from the Chrome Web Store. The good news for users is that, unlike with mobile device apps, Google automatically blocks any extensions it removes from the Chrome Store from continuing to run on people's browsers.

In other words, nothing needs to be done as the rogue browser extension removal process is automated.

Ads 'Viewed' Out Of Sight

One of the common themes of the rogue extensions was that they hid their true purpose from the user. Regardless of the advertised functionality, it seems the most common secret activity of the rogue extensions was making bogus "visits" to web pages in the background.

These pages were likely controlled by the scammers and hosted third-party advertising on a per-click basis. The scammers could then claim royalties for the bogus clicks, with the legitimate advertisers unaware that nobody was actually seeing their ads. The other downside to this type of bogus activity is that the advertisers paying for the ads lose money on fake clicks.

Google Uses 'Regular Sweeps'

Such illegitimate behavior is bad news for the computer user as well.

In order to pull off the scam, the bogus extensions eat up processing power on the CPU, which can slow performance and drain battery on laptops. There's also a risk that the unseen web activity by the browser - which was often redirected through multiple addresses to avoid detection - could expose the computer to security risks such as malware infection.

In regard to the report, Google stated that: "... We appreciate the work of the research community, and when we are alerted of extensions in the Web Store that violate our policies, we take action and use those incidents as training material to improve our automated and manual analyses... We do regular sweeps to find extensions using similar techniques, code, and behaviors, and take down those extensions if they violate our policies."

What's Your Opinion?

Do you use browser extensions? If so, how do you vet them before installation? Is Google doing enough to reduce the security risks of giving third-party tools access to a browser?


Comments

matt_2058's picture

Is there a list of these extensions? I tried to find a list and can't find one. Neither of the sites involved in identifying the bad extensions have them listed.

If Google has removed the extensions, does that mean they will be removed from browsers when the browser updates?