This dangerous fake Chrome extension could be hurting your device without you knowing
Fake Chrome extension has been sitting in the store for years
Scammer have been impersonating a Chrome extension for years, tricking hundreds of thousands of users into installing adware on their endpoints.
BleepingComputer found a company called “Puupnewsapp” built a Chrome extension called “Internet Download Manager”, which promises major download improvements (up to 500% download speed increase), making it ideal for downloading movies, games, and other large files.
However, instead of honoring that promise, the extension does a number of malicious things, such as opening links to spammy sites, changing the default browser search engine, displaying pop-up ads, and prompting users to download more files and programs.
Fake positive reviews
These files include hxxps://www.puupnewsapp[.]com/idman638build25.exe and hxxps://www.puupnewsapp[.]com/windows.zip, with the windows.zip archive being NodeJS that executes JavaScript code to adjust Chrome and Firefox registry settings. The extension also changes the default browser search engine to smartwebfinder.
Despite the extension essentially being adware, it’s been sitting in the Chrome Play Store repository for at least three years. And despite numerous reviews warning users to stay away, the extension has still managed to amass more than 200,000 downloads. Some reviews are positive, however, meaning that the fraudsters tried their best to hide the truth from the users.
One of the possible reasons for the popularity of the fraud might be the fact that there really is an authentic Internet Download Manager. This program, published by software maker Tonec, has its own Firefox and Chrome extensions, called “IDM Integration Module”.
It also seems that Tonec was quite aware of various imposters lurking in the depths of the internet, as its FAQ clearly states that “all IDM extensions that can be found in Google Store are fake and should not be used.”
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Google’s app repositories, both for Chrome, and for Android, are under a constant barrage of attacks, with fraudsters trying their hardest to squeeze through as many malicious and fraudulent apps as possible. That’s why users are advised to always read through the reviews, and check the number of downloads, before installing anything. Also, it won’t hurt to check out other apps from the same developer.
- These are the best firewalls at the moment
Via: BleepingComputer
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.