Yep, Google’s web store is now stocked with fewer Chrome extensions than before — but for good reason. The tech giant pulled two extensions for its web browser over the weekend after they were found to contain malware that covered users’ screens with unwanted ads.
The two extensions, which were for Twitter and popular RSS reader Feedly, were recently updated, with the new versions forcing ads on users by injecting affiliate links into web pages. Developer Amit Agarwal, who originally created the ‘Add to Feedly’ extension, explains in a blog post how he recently sold his creation for a four figure sum only to discover that the new buyers had turned his project into a way to spread adware:
These aren’t regular banner ads that you see on web pages, these are invisible ads that work the background and replace links on every website that you visit into affiliate links. In simple English, if the extension is activated in Chrome, it will inject adware into all web pages.
The second extension, called ‘Tweet this Page’, was also pulled after it was found to violate Google’s new policies, according to the Wall Street Journal. The policy requires all extensions to be “simple and single-purpose in nature”, and only have “a single visible UI ‘surface’ in Chrome, a single browser action or page action button.” Presumably, plying users with covert ads while offering the ability to subscribe to a site’s RSS feed went
slightly against that update.
Although the two extensions were not official Twitter and Feedly products, and had relatively smaller user bases with less than 100 000 users a piece, the incident is an interesting case study in how far spammers will go to ply unsuspecting users with ads. It also suggests that Google will be taking a hard line against any Chrome additions that go beyond their stated purpose and force ads on their users when the new policies officially come into effect for all extensions in June this year.