A report by AdGuard revealed that Google’s Chrome Web store had about 295 extensions that are hijacking browsers to insert ads in the middle of search results of Bing and Google. Most of extensions were started being pulled down by Google after being reported. Yet, at least on of those malicious extensions were installed by about 80 million users.
Malicious Chrome Extensions Insert Ads into Search Results
While the Google’s Chrome browser is appreciated for giving best browser experience, its Chrome Webstore is vested with malicious extension often. These extensions somehow sneak through Google’s tests and show up on millions of browsers sometimes. And here, a new campaign discovered by AdGuard is such incident.
I honestly tried reporting this to Google using different channels, but weeks passed and they all are still on Chrome Web Store.
OK, Google, what one should do to help you remove malware from @googlechrome Web Store? https://t.co/mjE0a100ft
— Andrey Meshkov (@ay_meshkov) August 4, 2020
AdGuard, an ad-blocking solutions company has reported a malicious campaign happening through Chrome Web store, where about 295 extensions were allegedly hijacking the browsers to insert ads in search results. Out of total 295, 245 extensions were of basic utility purposes like for applying custom background in the “New Tab” page.
And the rest were of something like weather forecast widgets or screenshot capture functions. All these extensions are loading a malicious code from fly-analytics.com domain, which would further be used for injecting ads into the search results of Google or Bing. While most of the extensions were still available till this morning, Google started removing them gradually.
Further, the AdGuard report also blamed Google moderators for allowing copycat extensions and clone apps which could leverage the brand’s popularity to perform fraud or cookie stuffing activities. Though Google disables all those extensions from users browsers, they need to be uninstalled manually by users. The complete list of all those malicious extensions are available on ZDNet’s post.