
Adware vendors buy Chrome Extensions to send ad- and malware-filled updates

Posted on January 19th, 2014 at 14:10 by John Sinteur in category: Software


A first-hand account of this, which was first spotted by OMGChrome, was given by Amit Agarwal, developer of the “Add to Feedly” extension. One morning, Agarwal got an e-mail offering “4 figures” for the sale of his Chrome extension. The extension was only about an hour’s worth of work, so Agarwal agreed to the deal, the money was sent over PayPal, and he transferred ownership of the extension to another Google account. A month later, the new extension owners released their first (and so far only) update, which injected adware on all webpages and started redirecting links. Chrome’s extension auto-update mechanism silently pushed out the update to all 30,000 Add to Feedly users, and the ad revenue likely started rolling in. While Agarwal had no idea what the buyer’s intention was when the deal was made, he later learned that he ended up selling his users to the wolves. The buyer was not after the Chrome extension, they were just looking for an easy attack vector in the extension’s user base.

And although extensions are sandboxed, they can replace URLs in a request. They will replace a 70 MB download of DELL_AiOXXXX.exe from dell.com with a 1.7 MB setup.exe full of real nasty stuff from a less reputable site.
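One way to catch an update like the one described above is to diff the permissions in the extension's manifest.json between the installed version and the update. The following is an added example, not code from the post or from any extension mentioned in it; both manifests, the capability names and the file name inject.js are constructed for illustration.

```javascript
// Added example. Both manifests are constructed samples, not the real
// "Add to Feedly" manifests.
const BROAD = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);

const OLD_MANIFEST = {
  manifest_version: 2, version: "1.0",
  permissions: ["activeTab"],
};
const NEW_MANIFEST = {
  manifest_version: 2, version: "1.1",
  permissions: ["webRequest", "webRequestBlocking", "<all_urls>"],
  content_scripts: [{ matches: ["http://*/*", "https://*/*"], js: ["inject.js"] }],
};

// Capabilities that matter for ad injection and request redirection.
function capabilities(manifest) {
  const perms = [...(manifest.permissions || []), ...(manifest.host_permissions || [])];
  const caps = new Set();
  const broadHost = perms.some((p) => BROAD.has(p));
  if (broadHost) caps.add("broad-host-access");
  // Manifest V2: a blocking webRequest listener may return a redirectUrl.
  const blocking = perms.includes("webRequest") && perms.includes("webRequestBlocking");
  // Manifest V3: declarativeNetRequest rules can redirect matching requests.
  const dnr = perms.includes("declarativeNetRequest");
  if (broadHost && (blocking || dnr)) caps.add("redirect-any-request");
  // Content scripts matched against every site can rewrite links and insert ads.
  for (const cs of manifest.content_scripts || []) {
    if ((cs.matches || []).some((m) => BROAD.has(m))) caps.add("inject-into-every-page");
  }
  return caps;
}

// Capabilities present in the updated manifest but absent from the previous one.
function gainedCapabilities(oldManifest, newManifest) {
  const before = capabilities(oldManifest);
  return [...capabilities(newManifest)].filter((c) => !before.has(c)).sort();
}

console.log(gainedCapabilities(OLD_MANIFEST, NEW_MANIFEST));
```

An extension that already holds these permissions can ship new behaviour without any manifest change, so an empty result here does not mean the update is benign.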

  1. Daaaang.
