Nefarious Developer Buys up Abandoned Chrome Extensions and Injects Them With Adware

When was the last time you evaluated what browser extensions you are using? You may want to double check for older extensions.  A artile on themerkle.com warns about older extensions are being used for malicous intent. The origional article can be found HERE. Firefox

Firefox extensions can be foudn under tools and selecting Add ons. I found I had two I wasn’t using and one that was auto disabled by firefox.

For Chrome, you can find the extensions under Windows and selecting extensions. You should take five minutes and validate the extensions for each browser you use. Here is that article about the malware in extensions.

Google Chrome is one of the most popular internet browsers around the world. This application works on computers, phones, and tablets. Unfortunately, it is also often targeted by criminals looking to do harm to internet users. In a new effort, malicious developers are buying up abandoned Chrome extensions and turning them into adware projects

Old Chrome Extensions are at Risk

An unidentified company is extending various financial offers to developers who have abandoned their Chrome extension. In some cases, the original developer no longer has the time to maintain the code. Another reason is how there is little innovation left for the extension in its current stage. These people are more than happy to be “bought out,” even if we are only talking about a marginal sum of money.

Given the vast amount of Chrome extensions no longer under active development, malicious users have targeted them. By buying up these abandoned projects, they can take the code and turn it into an adware project. Since these extensions have often been approved by the Chrome Web Store in the past, new versions can get in without too much trouble. Even if that update includes some references to adware, it will often take weeks, if not months, until the extension is reported and removed.

Some of these abandoned projects are still actively used by thousands of users around the world. In one particular case, users started complaining about the Particle extension which suddenly asked for new permissions. There is no reason for most extensions to read and change data on visited websites or being able to manage apps and other extensions. This type of behavior caught the attention of tech-savvy users, who immediately reported the incident.

This particular Chrome extension has been abandoned since May. Someone has successfully purchased the old code and turned it into something far more harmful. Interestingly enough, it appears the original developer could determine his own price for the sale of his project. Considering how there were no plans to continue this project, any financial offer was welcomed with open arms.

A closer analysis of the updated Particle extension source code reveals new code has been added to inject advertisements into all websites visited by the extension’s users. In doing so, the new developer of particle aims to earn a lot of money, although it remains to be seen if that will be the case. It appears the main platforms targeted with these new ads range from Google to Amazon and eBay to Booking.com.

It appears the person responsible for the updated Particle extension code has done this with other popular Chrome extensions. The Twitch Mini Player, for example, is now riddled with adware code as well. It is expected more extensions will succumb to this over the coming months. The Chrome team will need to address these issues. Removing the extensions from the store is one way of doing it, but that does not help the existing user base.

One thought on “Nefarious Developer Buys up Abandoned Chrome Extensions and Injects Them With Adware”

Leave a Reply to Rehan Cancel reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.