Jump to content

Fake Chrome apps highlight why automated scans are not enough


Batu69

Recommended Posts

While Mozilla is still in the process of setting up add-on signing for its Firefox web browser, Google uses the system already for apps and extensions for its Chrome web browser.

Mozilla's add-on signing efforts have been criticized as ineffective recently, and the same can be said for the automated scans that Google runs to filter out malicious extensions or apps before they are listed in the official Chrome Web Store.

A user on Reddit noticed yesterday that the Chrome Web Store would return an app called U block for Origin as the first result for the search term ublock origin.

As you can see on the screenshot below, it is the first result returned on the search results page, and while it is clearly marked as an application, will get user clicks just because of its position in the results.

ublock-origin-fake-app.jpg

The "real" uBlock Origin application is listed as the first entry under Extensions, way below the fake entry.

The description and icons the fake apps use are taken directly from uBlock Origin as well.

Experienced computer users will spot the fake right away, but inexperienced users may not.

Further investigation revealed that the same developer has added a whole batch of fake apps to the store posing as TunnelBear, AdGuard, Browsec VPN, Easy Proxy, Hola and more.

The only purpose of the apps seems to be to lure users to a website that displays advertisement for monetization.

Each faked application has its own page on that website with a short description and a link back to the Chrome Web Store or the developer website.

It seems right now as if the sole purpose of those fake apps was to drive traffic to the website to drive up ad revenue. While that is the case, similar sites might contain attack code on top of that.

Google's automatic scan failed to realize that the apps were fake. A simple icon/description check would have resulted in a hit for instance, and while that is easy to bypass by adjusting the description and changing icons, it might prevent at least some incidents in the future.

This is not enough though to prevent this from happening again in the future and it seems likely that incidents like these will happen again unless Google changes the vetting process significantly.

Mozilla's situation is different from Google's. All extensions get reviewed manually before they are allowed in the Mozilla Add-ons Store. This is however not the case for add-ons that are submitted for signing only. While developers need to submit add-ons for signing so that Firefox Stable and Beta users can install them once add-on signing becomes mandatory, they may offer signed add-ons on third-party sites exclusively.

This means that these add-ons won't be reviewed manually by Mozilla.

Article source

Link to comment
Share on other sites


  • Replies 4
  • Views 1.2k
  • Created
  • Last Reply

Chrome Store has been full of fake add-ons for years . If someone install and add-on over there without looking at the reviews there nuts . They not only have many addons that’s fake they have many that’s not been updated in so long they don’t even work any more .

I never had a problem with Firefox addons I ether got them from AMO are from the developer of a well known add-on . If you install a bad add-on most of the time its you’re own fault . There's a few exceptions were some developers updated there addon with something bad and AMO pulled it.

Now Firefox plain to change to Chrome add-ons one day because of a few reckless complainers that will install anything and now all must pay when Chrome cant make sure there own addons are safe .What's the internet coming too?

Link to comment
Share on other sites


Internet is not a safe place for inexperienced users...not anymore.. :mellow:

Never was, never will be. World is full of scammers, liars, and cheats, from the bottom of the heap to the top of government.

Link to comment
Share on other sites


Chrome Web Store now has many dangerous apps and extensions. I've been a victim of this, install wrong extension and got many ads from DNS Unlocker

Link to comment
Share on other sites


Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...