piracy-malware-tileGoogle has pulled two extensions from the Chrome Web Store after reports they were hijacking users’ browsing experience to serve up unwanted ads. 

Both ‘Add to Feedly‘ and ‘Tweet This Page‘ were mentioned in reports that popular extensions are being purchased by adware companies who subsequently update them to silently inject adverts, pop-ups and affiliate links while the user is browsing.

As of today neither add-on is available to install from the Web Store, reports the Wall Street Journal.

While the pervasiveness of the ‘buy-to-spam‘ practice remains unknown more developers are coming forward to tell of their own experiences of adware and malware companies soliciting them.

In one example, the developers of the popular shopping add-on ‘Honeysay they were approached by several different malware, data collection and adware companies, all wanting to buy the add-on to gain access to its 700,000 users. Despite “six-figure sums” being proposed, the developers (wisely) refused to sell.

While Google are to be commended for acting on public concern and removing the offending items, it’s debatable whether anything would’ve been done had there not been such public admonishment.

Google will be hoping that the impending Web Store rule change, designed to improve performance of extensions in Chrome by forcing developers to ‘split’ functionality into separate add-ons, will prevent issues like this from occurring in the future.

News Extensions malware security