Submit News Alternative Tip Form

Adware Companies Are Buying Up Popular Chrome Add-Ons

feedlyMillions of Chrome users place their trust in the hands of extension developers. But what happens when add-ons are sold to a new owner? 

In what sounds like the paranoid conspiracy theory of an anti-Google shill, some popular Chrome extensions are reportedly being bought up by pedlars of malware looking for a fast way to infect thousands of users at once.

This is precisely what happened to one of Chrome’s most popular* third-party Feedly extensions.

‘Four figure sum for an hours work’

The developer of the ‘Add to Feedly’ extension, Amit Agarwal, says that he was approached out of the blue by a (mysterious, un-Googleable) individual wanting to buy his add-on.

“It was a 4-figure offer for something that had taken an hour to create and I agreed to the deal,” explains Amit on his blog.

Such an offer would tempt most of us. But in pocketing the money, and transferring ownership to another party, Amit also sold the trust of the 30,000+ users who had chosen to install it.

Just a few short months after completing the deal the new add-on owners issued their first, and thus far only, update. One that added an unwelcome new ‘feature': adware.

Google updates Chrome extensions silently in the background, meaning the majority of users would have been unaware that the spammy links, pop-up ads, and intrusive affiliate code embeds suddenly affecting each and every site they visited were the fault of their dependable Feedly add-on.

Those that were able to narrow it down soon took to the Chrome Web Store to vent their disappoint, which is how Amit first became aware of the issue.

In a galling twist, a switch to turn “off” advertisements was included with the update but, according to user reports, is nothing more than a dummy. Whether on or off, unwanted adverts continue to show up.

‘Shady Practice’

But is this an isolated incident? It seems not.

Tech reporter Ron Adameo found himself experiencing the brutish reality of an ad-injecting add-on update, transforming a once-handy Twitter tool into an ad-injecting machine” that hijacked his every Google search.

As Google Chrome grows in popularity it’s probable that these sorts of shady, underhanded practices will increase along side it.

*We’ve chosen not to include a link to the add-on at the centre of this article.
  • Wesley Files

    Whoa. Thanks for the heads up.
    Honestly, this is eye-opening; I always thought the un-official apps I saw across Chrome and Windows Phone were simply other users who wanted the functionality as much as I did. I never would have considered the potential for another company to jump in and pervert that original kindness.

  • Jason Byrne

    I had the extension installed and noticed the inserted “search ads” recently. Disabling this “feature” in the settings did seem to work for me. But I just removed the extension anyway after reading this article. Before reading this I thought Feedly itself was responsible.

  • Paolo

    Noticed something similar for the “Yet Another Google Bookmarks Extension” extension; at some point very popular, it was taken over by a new developer; suddenly, without visible notice to the user, it started injecting/replacing ads from visited pages. Since the behavior was spotted, the new author sort of admitted the practice and added a configuration switch to disable it (by default enabled though).

    • http://www.techmansworld.com/ Michael Hazell

      If you ask me, that extension should be flagged and removed from the Chrome store. It deliberately ruins a user’s browsing experience, and it alters websites in ways that users did not expect. Something like AdBlock I would say doesn’t count because it tells you up front what it will do.

  • pawelkomarnicki

    There was a massive issue with another extension called “WIndow Resizer”, being basically malware and tracking keystrokes and stuff — be aware that “Tracking activity on all websites” usually means “malware” unless it’s a really usable extension (e.g. real tracker of something)

  • http://www.7gen.com reikiman

    There should be a better screening process for these things.

  • TechWings

    Yeah, I figured it out and promptly uninstalled. This sucks.

  • http://dominicnaylor.com/ Dominic Naylor

    I have been complaining about adware extensions for so long now, and as usual Google never listens.

    This isn’t the only extension that does this, there are loads of extensions in the Store that add advertisement overlays upon installation.

    • http://dominicnaylor.com/ Dominic Naylor

      Google will never win me away from Windows and Firefox untill, they sort out, 1. tab width size decreasing the more tabs that are opened, 2. implement a tab scroll, 3. stop all tabs from loading on start-up “Don’t load tabs until selected”, 4. Add a decent Office suit to Chrome.

      • Lou G

        “1. tab width size decreasing the more tabs that are opened”

        the more you have open, the more space it takes up, the less screen size other tabs have.

        If you have 20 tabs open it makes sense that you’d have less pixels of them showing. So for them to “address” the “issue” is dumb.

        and they already have added a decent office suit (hint: it’s suite, not suit. you don’t wear an office app). it’s called drive.google.com and if you don’t like that you can use skydrive.live.com and if you don’t like that then rollapp allows you to use either libreoffice or openoffice in the browser.

      • Magalaan

        Another MS shill. I really hate how MS is corrupting websites with their evangelists spreading their scroogle campaign.

        Yes M$ is EVIL

        • http://plus.google.com/115156608954156312882/ Matt Sturgeon

          While I agree Microsoft is evil, has pretty poor products and immoral business policies, I don’t think a MS evangelist would promote open source software like Firefox – especially if it competes directly with a MS product (Internet Explorer)

          • Magalaan

            Of course the do to gain trust, at the same time they trash firefox on other sites. They always use the same studid arguments, like Unity is awfull, and Firefox eats all your memory. They do that with all their competitors, that is what they pay their evangelists for.

      • Martin Pool

        There are a bunch of extensions to change the tab bar behavior, giving you grouping, multiple rows, popdown menus, scrolling, thumbnails, etc. See for example http://www.makeuseof.com/tag/10-extensions-chrome-tab-management/

        I don’t personally use any of them at the moment because I find it’s better for my mind to have only a few tabs open at a time.

    • Zanpher

      Once adware / malware, and other criminal extensions are reported to Google. Google is then on the hook for all damages caused by the reported extension.

    • Ben Bristow

      Same. Mindspark Interactive Inc, the people behind the classic ‘SmileyCentral’/’Zwinky’/’CursorMania’ and those ‘Helllloooooo!’ adverts with obnoxiously big animated 3D smileys have started releasing their ‘services’ on the Chrome Web Store. Installs their freaking ‘MyWebSearch’ toolbar amongst other things.

      Wish Google would just sort stuff out. These extensions are near the top of the list.

  • Thomas Godart

    Installing a Chrome extension or any software from “a guy” is a bad practice. It should always come from the main company that delivers the targeted service. And it should always be open-source, so that nothing nasty is done silently. IMHO

    • Zanpher

      Close-sourced extensions does not mean something nasty is being done silently, that is a company / programmer call.

      Now days, any one can develop, so that is NOT bad practice.

      All in all, your post IS bad advice.

      • Sebastiaan Franken

        Not really. Closed Source means I can’t see what’s going on under the hood. At least then I’d know what was going on. Open Source = transparancy

        • ngyikp

          Hover Zoom and YouTube Ratings Preview are two open-source extensions that got ads.

          http://www.reddit.com/r/chrome/comments/19nndn/hoverzoom_stealing_all_its_users_browsing_data/
          http://www.reddit.com/r/chrome/comments/1rudw4/the_youtube_ratings_preview_extension_now/

          Just because a software is open-source doesn’t mean it won’t be tampered in some way in the final product to the end user.

          Plus, you *can* see the source code of Chrome/Firefox extensions, it’s just inside your User Data/Extensions folder.

        • BartWillemsen

          But even with open source software, the moment you realise there’s something wrong it’s probably already too late. Especially if it’s an addon you already installed and updates silently in the background.

          open source software is just as much of a risk in this case.

        • BartWillemsen

          And also.. I hear everyone saying this. But be honest on me with this. Do you really read through hundreds of lines of code just to see what the app exactly does every time you find a new addon? :P I don’t. Ain’t nobody got time for that?

  • Grant Hoben

    I’ve personally had this problem appear on my Google Chrome browser and tracked the cause of the attack to an extension called “Awesome Screenshot: Capture & Annotate 3.4.8”. I also found another adware program loaded on an extension called “World Clocks”.

    A word of warning for ecommerce platforms: the “Awesome Screenshot: Capture & Annotate 3.4.8” extension was attempting to strip out data from our corporate websites reservation flow, so it appears they are also trying to harvest user information. Fortunately our system wasn’t compromised.

    Since early November I’ve fielded a number of complaints from customers who are unable to make reservations, and each one has been resolved by systematically deleting extensions until you find the culprit.

    The “World Clocks” extension hijacks the browser and starts displaying localised ads in places where Google Adwords would normally display on a website. It also hyperlinks keywords on web pages and on mouse-over displays advertising.

    I’m sure there are hundreds of extensions being corrupted.

  • LOLwhut

    A “Four Figure Sum” as in $1000? Blow me. Write your own extension.

    • zaiger

      If someone offered me $5000 for something I wrote in an hour I would probably take it.

  • eknirb

    My Chrome browser had a few extensions on it—just bookmarks, icons that took you to a site. One for YT..FB..twitter..Google Drive. Right? “Go to Facebook,” “Go to Google Drive,” etc. Made by “Betty.” Yeah, right. I noticed when the browser opened, I noticed something that said “msaver.ru” in the bottom left. Dot RU? As in..Russia? That bears watching, I think. So sure enough, overnight Sunday night/Monday morning, I get little graphics all over for “Coupon DropDown.”

    That nice little malware showed up while I slept. Took a min and a new and un-needed Chrome reinstall to realize where it came from. I wrote someone @ Google directly to report this.

    Made me mad.

    • Matthew Fatheree

      I’m having a similar issue with msaver.ru. What did you have to do to fix it? where was it coming from ?

  • Kent Smith

    Does this also apply to Chromium???

    • Sn3ipen

      Yes.

  • Metazoxan

    If I developed an extension and was approached with such an offer I’d take it but then I’d promptly send out a message that ownership has changed and direct them to my new extension that basically does the same thing as the old one but is completely new. That way I get my money, my users’ trust in my isn’t destroyed, and we can all laugh at the adware losers who bought an extension that hopefully no one will even use anymore.

    • Alvin B.

      Most purchase deals would include a no-compete clause. You don’t want to be on the receiving end of adware company lawyers.

  • travis

    Wouldn’t have this problem if the apps/extensions were opensource.

  • Alvin B.

    I’ve run into a couple of extensions myself that covertly insert Google text ads at the bottom of random webpages around the net. They are honest and tell you that the ad is “brought to you by” that extension… but still, the process of inserting ads into random websites is very scummy. Sadly, Google seems to allow it.

  • mony1