Following reports of adware being distributed through extensions for Google’s Web browser Chrome, the search giant has removed two applets from it its online store.
Pulled from the Chrome Web Store were “Add to Feedly” and “Tweet This Page.” Both extensions were mentioned in an Ars Technica report Friday about adware vendors buying popular Chrome extensions and transforming them into advertising hoses.
Google banned the extensions from the Chrome Web Store because they violated its terms of service policy, The Wall Street Journal reported Sunday.
Those terms were updated in December with an eye toward preventing software developers from using extensions to insert advertising on more than one part of a Web page. Adware places ads on multiple places on a page, including within copy.
Those terms will be changed again in June, when extensions will be restricted to a single purpose, according to Ars.
Google did not respond to our request to comment for this story.
After selling his extension to an adware outfit, the developer of “Add to Feedly” regretted the decision.
Amit Agarwal explained that out of the blue one morning he received an offer he couldn’t refuse.
“It was a four-figure offer for something that had taken an hour to create, and I agreed to the deal,” he wrote in his blog. “I had no clue about the buyer and was also curious to know why would anyone pay this kind of money for such a simple Chrome extension.”
His curiosity ended when the extension’s new owners released their first version of the applet. The update contained no new features or bug fixes. The only addition was an ad engine.
“These aren’t regular banner ads that you see on Web pages. These are invisible ads that work the background and replace links on every website that you visit into affiliate links,” Agarwal wrote.
“In simple English, if the extension is activated in Chrome, it will inject adware into all Web pages,” he added.
Unsurprisingly, the new Add to Feedly’s ratings in the Chrome Web Store sank like a corpse in a concrete overcoat. Most users, though, would have had no idea what happened to the extension, since changes in ownership need not be reported and extension updates are performed by Chrome automatically in the background.
“It was probably a bad idea to sell the Chrome add-on and am sorry if you were an existing user,” Agarwal wrote.
Tweet This Page experienced a similar transformation, found Ron Amadeo, the author of the Ars piece.
“About a month ago, I had a very simple Chrome extension called ‘Tweet This Page’ suddenly transform into an ad-injecting machine and start hijacking Google searches,” he wrote.
For developers who write extensions largely for the love of it, the promise of a payday can be very tempting.
“Anything people are doing on the Internet to make money with advertising will be wrapped up for an extension developer as a monetization solution,” Ryan Hudson, cofounder of a popular coupon extension called “Honey,” said of its suitors.
“Write one line of code, and we’ll send you checks,” he told the E-Commerce Times.
While adware can be annoying, these extension sales have raised some greater security concerns.
“A lot of the activity that you see in the botnet realm could be accomplished with a compromised browser extension, too,” Hudson said.
This latest flap over extensions is a sign that cyberthreats are converging, noted Kevin O’Brien, an enterprise solutions architect with CloudLock.
“The same type of data exfiltration that happens in a mobile device when you install an app can happen in a Web browser,” he told the E-Commerce Times.
No longer are cloud services limited to email, he explained. They are also places for goodies like documents and other data found on a hard drive.
“Trivially, I can put up an extension that injects something into your Web browsing experience, and I’ll get 15 cents if you click on it,” he said. “But if I’m a little more sophisticated, and I extend that model, I can steal files from your drive account or information from your contact list.”
Anyone using a browser should keep the number of extensions they install to a bare minimum, Bogdan Botezatu, a senior e-threat analyst with Bitdefender, told the E-Commerce Times.
“It’s not only the more extensions you have the slower the browser’s performance is,” he said, “but you introduce new attack surfaces when you install an extension.”