Cluster of 295 Chrome Extensions Caught Hijacking Google and Bing Search Results (zdnet.com) 28
An anonymous reader writes: More than 80 million Chrome users have installed one of 295 Chrome extensions that have been identified to hijack and insert ads inside Google and Bing search results. The malicious extensions were discovered by AdGuard, a company that provides ad-blocking solutions, while the company's staff was looking into a series of fake ad-blocking extensions that were available on the official Chrome Web Store. AdGuard says that most of the extensions (245 out of the 295 extensions) were simplistic utilities that had no other function than to apply a custom background for Chrome's "new tab" page. In addition to the 295 cluster, AdGuard also found a large number of copycat extensions that cloned popular add-ons to capitalize on their brands, and then load malicious code that performed ad fraud or cookie stuffing. ZDNet has the full list of 295 Chrome extensions embedded in their article.
bad practices on the Chrome Web Store (Score:1)
This sounds more intentional than "accidental"
uBlock and NoScript... What else do you need?
Re: (Score:1)
I have a second question to add, Do adults actually download that shit??
What will Google actually DO? (Score:3)
Re: (Score:2)
According to the article, they got marked as malware and disabled but not uninstalled in the end user's browser. Oh, you mean keeping crap out of the store to begin with? Probably nothing.
Blacklist the people who made the store declarations?
I'm pretty sure that they consider a Google Account to be an identity. Internal outsourcing. So all someone has to do is have another Google account ready. I don't think that's hard. Amazon even has a CAPTCHA-filling service (Mechanical Turk) for creating fake accounts.
Re: (Score:2)
uBlock and NoScript... What else do you need?
Zotero, perhaps?
Re:bad practices on the Chrome Web Store (Score:5, Insightful)
This sounds more intentional than "accidental"
uBlock and NoScript... What else do you need?
I'd toss in Privacy Badger too.
Re:bad practices on the Chrome Web Store (Score:4, Informative)
If you look at the list, clearly they are garbage extensions, all using the same spammy title.
Ghostery works great and is more selective (scalpel, not shotgun) about dealing with ads. uBlock/Adblock+ are rubbish in their own ways as well. The main key problem in blocking ads is that they tend to completely blow apart websites "responsive" designs and sometimes that results in collapsing html elements making the site unreadable. OR, sometimes, like with news sites, it's the only way to make them readable at all, as the ads outnumber the content.
My suggestion, the HOSTS file should be your number one option for blocking crap. Block Taboola, Block any ad widgets like it that show you gross things, or stale articles. They will never improve and keep showing you stuff that is disturbing so just block them.
Re: (Score:1)
My suggestion, the HOSTS file should be your number one option for blocking crap.
Yeah, I hear a lot about that....
Re: (Score:3, Insightful)
blowing apart "responsive" designs is the entire point.
If more people would refuse to use maliciously designed web sites, then there would be less maliciously designed web sites, because all of those of that ilk would go bankrupt and disappear from the face of the Internet.
Re: (Score:1)
Psst...
No one is going to wade through your turd forest to get to your actual comment.
Like everything in your life, even your posts are a race to the bottom!
I thought Google was the Ultimate (Score:2)
From the names (Score:1)
Google doesn't care (Score:4, Insightful)
Re:Google doesn't care (Score:4, Interesting)
Re: (Score:1)
Re: (Score:2)
Re: (Score:2)
On many Linux distros (Score:2)
Thus you can do a `grep` from the list of dirs here in the list of extensions given on the site in TFS
cd ~/.config/google-chrome/Default/Extensions
for d in *; do grep $d ~/badextlist.txt;done
If nothing comes out of that, you're ok.
Re: (Score:2)
I'm actually surprised that ZDNet listed the extension ID list in the article. That's way too technical for them and their readers, but great nonetheless.
Re: (Score:2)
Sad that Google already has the metadata to block (Score:2)
basically anything with 'wallpaper' in the title (Score:3)
Re: (Score:2)
This is a general theme. Every time malware in extensions comes up, it is almost always in gimmicky extensions. Always ask yourself "do I really need this?".
The days of free money is over. (Score:2)
Google, Facebook, Apple... Made their money by algorithms collecting content from people then selling them back to the people who would like to view it.
Now this is becoming a greater problem and these companies are faced with the fact that such products that they sell will need to be reviewed for quality and safety. This will cost them money. However this isn't new. A retail store has to stand behind the quality and safety of its products it sells no matter the manufacturer. When there is a Recall, the r
So, just like Google and Bing then (Score:2)
identified to hijack and insert ads inside Google and Bing search results.
That's why it's sneaky and it went undetected for a while: what's to distinguish a metric shitton of annoying pointless Google ads from a metric shitton of annoying pointless non-Google ads eh?