One major problem with Chrome extensions is that they can start off legitimately useful and harmless. They might even gain a massive following and become an indispensable part of your browsing experience. However, unless you’re vigilant, these extensions can quickly turn into a nightmare, compromising your data and security. In this article, we’ll explore the stories of four Chrome extensions that started clean but turned into malware, putting millions of users at risk.
The Great Suspender: A Hugely Popular Extension with a Dark Secret
The Great Suspender was a hugely popular extension that helped curb Chrome’s insatiable hunger for RAM by unloading inactive tabs from memory. It’s a feature that Chrome has been doing for a few years ago, and ironically, it arrived the year after Google blocked The Great Suspender in 2021. The extension had two million users, and according to Bleeping Computer, was sold to an unknown buyer in 2020. Since it’s a free extension with no way of making money, this raised a red flag.
In 2021, the maintainer added an update which included tracking malware and the ability to execute remote code from a server on your computer if you had the extension installed. Google removed the extension from the store, and also forcibly uninstalled it, leaving millions of people with suspended tabs unable to retrieve them without a workaround.
Hover Zoom: A Simple yet Oh So Useful Extension with a Dark Past
Hover Zoom was just this kind of extension. The name says it all. Hover your pointer over the image on a web page, and it expands for you. At first, it was clean as a whistle, and people loved it. However, cybersecurity watchdogs noted that the extension was sending data back home. Something it didn’t have to do in order to work. It turns out later versions of Hover Zoom were spying on users and recording things like which sites they visited. Regular users didn’t catch on, because the extension kept working as usual.
The spying happened quietly in the background. There’s a great article by Sam Jadali from Security with Sam that collects the numerous reports of how Hover Zoom spied on users and send that data to third parties neatly organized in a timeline. Just in case you want all the sordid details.
Nano Adblocker: A Tiny Little Problem
Look, I get it, people don’t like ads on websites so they install adblockers. Of course, a website like this one costs money to maintain and to create the content you’re enjoying right now, so if you do block all the ads you end up with paywalls, but I digress. The thing is, if you’re also not paying for your adblocker, then you run the risk of being exploited by its creators, as they prey on your desire to enjoy websites for free, and that’s what happened to Nano Adblocker.
Built on uBlock Origin, it was marketed to power users as a powerful community-driven blocking tool. In 2020, the extension changed hands, and soon the extension injected malicious code into websites its users visited. Possibly because the Nano Adblocker userbase was more tech-savvy, people caught on to this quickly. According to Ars Technica it had more than 300,000 active users, which is a big and juicy target.
The original GitHub project still exists, and the previous maintainer’s take on the situation makes for interesting reading.
Copyfish: Free OCR Software with a Malicious Twist
Copyfish is free OCR (Optical Character Recognition) software that lets you copy text from images and PDFs. However, in 2020, unfortunately, that was also the year Copyfish started injecting ads into websites people who use it were visiting. According to Bleeping Computer, the developers fell for a phishing attempt and so the hackers gained access to the extension.
The Dark Side of Chrome Extensions
Chrome extensions can start off harmless but become malicious after becoming popular. Extensions can be sold or have malicious code added without users noticing. Google detects and blocks malicious extensions, but past examples have been egregious. Extensions can inject tracking malware and execute remote code. Free extensions can be a red flag for malicious activity. Extensions can work quietly in the background, making them harder to detect. Users can be exploited by adblocker creators if they’re not paying for them. Extensions can be hacked through the Chrome extension update system. There’s no such thing as a safe extension.
Conclusion
The Great Suspender, Hover Zoom, Nano Adblocker, and Copyfish are just a few examples of Chrome extensions that started clean but turned into malware. These stories highlight the risks associated with using extensions and the importance of vigilance. Chrome extensions can be incredibly useful, but they can also compromise your data and security. By being aware of these risks and taking necessary precautions, you can minimize the chances of falling victim to malicious extensions.
Recommendations for Chrome Extension Users:
- Always read reviews and ratings before installing an extension.
- Be cautious of free extensions, as they may be more likely to be malicious.
- Keep your extensions up to date, as updates can fix security vulnerabilities.
- Use a reputable antivirus program to scan your extensions for malware.
- Consider using a password manager to protect your sensitive information.
By following these recommendations and being aware of the risks associated with Chrome extensions, you can enjoy the benefits of extensions while minimizing the risks.
