January 20, 2014
Adware vendors buy Chrome Extensions to send ad- and malware-filled updates

Suddenly had extra ads, popups, and new search results show up and your virus and spyware scanner reports everything as a-ok? It might be to do with the report from Ars on Adware vendors buying Chrome Extensions and updating them with spyware. Because Chrome extensions update silently, and are out of the scope of spyware and virus scanners, it’s a great new vector to use for scammers and advertisers. Other things:

  • Chrome extensions are fairly easy to make, so being offered a few thousand for a couple of hours work that it took to make an extension is a good deal if you’re not clear on what the new owner will do with it.
  • Many extensions ask for full access to all your browsing (normally by necessity), making them an attractive target for purchase.

Something to be aware of. If google was smart they’d either add in some sort of spyware checking, or add a notification to the user on either extension ownership change, or a more obvious changelog.

Posted by Arcterex at January 20, 2014 10:31 AM