A phony AdBlock Plus extension was listed in Chrome’s official Web Store up until today, with more than 30,000 people have downloaded it. Anonymous cybersecurity personality @SwiftOnSecurity called attention to the fake extension and pointed out that imposters, like this fake AdBlock Plus, continue getting through the Google's vetting process and into the store's listings. That presents an especially tricky situation for users who might not carefully check each extension’s developer.
In this case, a developer going by “Adblock Plus” intentionally created an extension that looks just like the legitimate Adblock Plus, which is developed by adblockplus.org. More than 10 million people use the legitimate service. While the listing is no longer live, the knockoff developers still managed to convince 37,000 people to download it. We don't know if the extension was malicious or what data it might have compromised.
Google used to have a major problem with malicious Chrome extensions. The company admitted as much in 2015 when it officially blocked Windows and Mac users from downloading Chrome extensions not hosted on the Chrome Web Store. That move was meant to address concerns that users were downloading malicious software. The company said at the time that it saw a 75 percent drop in support requests for uninstalling unwanted extensions when it made this policy official for Windows users.
Still, we saw hackers return to this same naming trick in a widespread phishing attack earlier this year that spoofed Google itself. An attacker named a third-party web app "Google Docs," which tricked users into giving the app permission to access their address book and Gmail. In the aftermath of that attack, Google said it would work "to prevent this kind of spoofing from happening again."
At this point, it isn't clear how the company addressed the issue, and obviously, spoofing still presents a problem on the Chrome Web Store. We've reached out to Google for clarification on its security vetting process and whether it's looking into this malicious extension. We'll update when we hear back.