Two Google Chrome browser extensions have been removed from its web store as they had reportedly been bought up by advertisers intending to inject adware. These dastardly companies silently updated the previously benign software to include code that bombarded users with spam ads.
The two extensions involved, 'Add to Feedly' and 'Tweet This Page,' each had less than 100,000 users, but these users started to experience unwanted ads and complain about this upon support forums, according to the Wall Street Journal. Both extensions included code which was unacceptable to Google's terms as it would serve up undesirable (rival) ads, which resulted in users giving one-star ratings and calling the extensions spam sources.
The Chrome Web Store
Bite the hand that Feedly
The developer of 'Add to Feedly', Amit Agarwal, admitted that he sold his extension to an unknown buyer whose name returned no results on Google. "It was a 4-figure offer for something that had taken an hour to create and I agreed to the deal. I had no clue about the buyer and was also curious to know - why would anyone pay this kind of money for such a simple Chrome extension," explained Agarwal in a blog post.
The business model of the buyer was simple, explains Agarwal, "They buy popular add-ons, inject affiliate links and the bulk of users would never notice this since the Chrome browser automatically updates add-ons in the background. And there are no change-logs either."
Add to Feedly
The issue doesn’t seem like it is just limited to the two add-ons mentioned above. Further investigation suggests that advertisers regularly buy popular extensions and transform them into adware. More and more developers are being approached about selling their add-ons. The creators of the popular Chrome extension Honey, for example, said they were also approached by malware companies in the past and learned that a six figure sum could be made in profits every month should they join the dark side…
Google is obviously not going to let this adware infestation happen without doing anything, as it cited a December change to its policies. This will outlaw various complex changes to websites by extensions and developers will not be allowed to place ads on more than one part of the page. However this change isn't due to be enforced until June and then we have the practicality issues of monitoring and enforcement.