Chrome extensions targeted by spam firms

Chrome logo Taking over Chrome extensions gives adware pedlars access to a captive audience

Related Stories

Adware pedlars are buying extensions for the Chrome browser and adding code that hijacks searches or inserts sponsored ads, reports suggest.

Extensions are self-contained software add-ons for Chrome that add specific functions to the browser.

At least three extensions for Chrome are suspected of being taken over by adware pedlars.

One developer said he sold his Chrome extension for a "four-figure" sum to an ad marketing firm.

Google has now removed two of the extensions believed to have been compromised in this way.

Cash offer

News that adware makers were seeking to buy up Chrome extensions emerged via the blog of developer Amit Agarwal.

In a blogpost, Mr Agarwal recounted how he had been offered a significant sum in late 2013 for an extension he wrote that worked with the Feedly RSS reader.

Soon after, the new owners of the extension updated it to provide adverts that invisibly replace links on the webpages people visit.

Mr Agarwal said he now regretted selling the extension and felt he had let down its 30,000 users.

Thousands of extensions are available for Chrome and many have been downloaded and installed millions of times.

Almost every modern browser can be extended via its own add-on program.

Further evidence of the practice of subverting popular add-ons to the Chrome browser came via a Q&A session on social news site Reddit.

Offers 'best avoided'

In that online chat the developers of the coupon-finding extension, Honey, said they had been approached by several makers of adware and malware who offered cash to take over the program.

One company offered Honey a "six-figure" sum every month if it co-operated, said the developers.

The company has turned down every offer because it believes it will do better in the long run by avoiding "shady" marketing practices.

A quick survey of the comment pages associated with Chrome extensions by tech reporter Ron Adameo suggested evidence that other add-ons had been compromised, too.

Many people were reporting that formerly benign add-ons had suddenly transformed into ad-spewing irritants after an update, he wrote in a report for Ars Technica.

"While it's extremely easy for a novice user to install an extension, it's nearly impossible for them to diagnose and remove an extension that has turned sour," he said.

Following the reports, Google has now removed two extensions revealed to have been take over by ad firms - one of which was the add-on created by Mr Agarwal.

More on This Story

Related Stories

The BBC is not responsible for the content of external Internet sites

More Technology stories

RSS

Features & Analysis

BBC Future

(Thinkstock)

‘I freeze people to cheat death’

The man with 100 bodies in his freezer Read more...

Programmes

  • Hitch-hiking robot HitchBOTClick Watch

    Hitch-hiking robot HitchBOT completes a 6,000km (3,700-mile) trip plus other tech news

BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.