This dangerous fake Chrome extension could be hurting your device without you knowing
Fake Chrome extension has been sitting in the store for years
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
Scammer have been impersonating aChrome extensionfor years, tricking hundreds of thousands of users into installing adware on theirendpoints.
BleepingComputerfound a company called “Puupnewsapp” built a Chrome extension called “Internet Download Manager”, which promises major download improvements (up to 500% download speed increase), making it ideal for downloading movies, games, and other large files.
However, instead of honoring that promise, the extension does a number of malicious things, such as opening links to spammy sites, changing the defaultbrowsersearch engine, displaying pop-up ads, and prompting users to download more files and programs.
Fake positive reviews
These files include hxxps://www.puupnewsapp[.]com/idman638build25.exe and hxxps://www.puupnewsapp[.]com/windows.zip, with the windows.zip archive being NodeJS that executes JavaScript code to adjust Chrome and Firefox registry settings. The extension also changes the default browser search engine to smartwebfinder.
Despite the extension essentially being adware, it’s been sitting in the ChromePlay Storerepository for at least three years. And despite numerous reviews warning users to stay away, the extension has still managed to amass more than 200,000 downloads. Some reviews are positive, however, meaning that the fraudsters tried their best to hide the truth from the users.
One of the possible reasons for the popularity of the fraud might be the fact that there really is an authentic Internet Download Manager. This program, published by software maker Tonec, has its own Firefox and Chrome extensions, called “IDM Integration Module”.
Google wants to help you avoid bad Chrome extensions>Remove these Chrome extensions right now - they could be stealing your data>Here’s the best privacy tools and anonymous browsers
It also seems that Tonec was quite aware of various imposters lurking in the depths of the internet, as its FAQ clearly states that “all IDM extensions that can be found inGoogleStore are fake and should not be used.”
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Google’s app repositories, both for Chrome, and for Android, are under a constant barrage of attacks, with fraudsters trying their hardest to squeeze through as many malicious and fraudulent apps as possible. That’s why users are advised to always read through the reviews, and check the number of downloads, before installing anything. Also, it won’t hurt to check out other apps from the same developer.
Via:BleepingComputer
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
This new phishing strategy utilizes GitHub comments to distribute malware
Should your VPN always be on?
NYT Strands today — hints, answers and spangram for Sunday, November 10 (game #252)
