Scammer have been impersonating a Chrome extension for years, tricking a whole lot of hundreds of customers into putting in adware on their endpoints (opens in new tab). 

BleepingComputer discovered an organization known as “Puupnewsapp” constructed a Chrome extension known as “Web Obtain Supervisor”, which guarantees main obtain enhancements (as much as 500% obtain velocity enhance), making it ultimate for downloading films, video games, and different massive information.

Nonetheless, as an alternative of honoring that promise, the extension does quite a lot of malicious issues, equivalent to opening hyperlinks to spammy websites, altering the default browser (opens in new tab) search engine, displaying pop-up advertisements, and prompting customers to obtain extra information and applications. 

Pretend constructive critiques

These information embrace hxxps://www.puupnewsapp[.]com/idman638construct25.exe and hxxps://www.puupnewsapp[.]com/home windows.zip, with the home windows.zip archive being  NodeJS that executes JavaScript code to regulate Chrome and Firefox registry settings. The extension additionally modifications the default browser search engine to smartwebfinder.

Regardless of the extension primarily being adware, it’s been sitting within the Chrome Play Retailer repository for at the very least three years. And regardless of quite a few critiques warning customers to remain away, the extension has nonetheless managed to amass greater than 200,000 downloads. Some critiques are constructive, nonetheless, which means that the fraudsters tried their greatest to cover the reality from the customers.

One of many potential causes for the recognition of the fraud could be the truth that there actually is an genuine Web Obtain Supervisor. This program, printed by software program maker Tonec, has its personal Firefox and Chrome extensions, known as “IDM Integration Module”.

It additionally appears that Tonec was fairly conscious of varied imposters lurking within the depths of the web, as its FAQ clearly states that “all IDM extensions that may be present in Google Retailer are faux and shouldn’t be used.”

Google’s app repositories, each for Chrome, and for Android, are beneath a relentless barrage of assaults, with fraudsters making an attempt their hardest to squeeze by way of as many malicious and fraudulent apps as potential. That’s why customers are suggested to at all times learn by way of the critiques, and test the variety of downloads, earlier than putting in something. Additionally, it gained’t harm to take a look at different apps from the identical developer.

• These are one of the best firewalls (opens in new tab) in the meanwhile

Through: BleepingComputer (opens in new tab)