This dangerous fake Chrome extension could be hurting your device without you knowing


Scammers have been impersonating a Chrome extension for years, tricking hundreds of thousands of users into installing adware on their endpoints.

BleepingComputer found that a company called “Puupnewsapp” built a Chrome extension called “Internet Download Manager”, which promises major download improvements (up to 500% download speed increase), making it ideal for downloading movies, games, and other large files.

However, instead of honoring that promise, the extension does a number of malicious things, such as opening links to spammy sites, changing the default browser search engine, displaying pop-up ads, and prompting users to download more files and programs. 

Fake positive reviews

These files include hxxps://www.puupnewsapp[.]com/idman638build25.exe and hxxps://www.puupnewsapp[.]com/windows.zip, with the windows.zip archive being NodeJS that executes JavaScript code to adjust Chrome and Firefox registry settings. The extension also changes the default browser search engine to smartwebfinder.

Despite the extension essentially being adware, it’s been sitting in the Chrome Play Store repository for at least three years. And despite numerous reviews warning users to stay away, the extension has still managed to amass more than 200,000 downloads. Some reviews are positive, however, meaning that the fraudsters tried their best to hide the truth from the users.

One of the possible reasons for the popularity of the fraud might be the fact that there really is an authentic Internet Download Manager. This program, published by software maker Tonec, has its own Firefox and Chrome extensions, called “IDM Integration Module”.

It also seems that Tonec was quite aware of various imposters lurking in the depths of the internet, as its FAQ clearly states that “all IDM extensions that can be found in Google Store are fake and should not be used.”
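As an added example (not code from BleepingComputer, Tonec or the original article), here is one way a defender could audit the extensions installed in a Chrome profile for the two signals described above: an IDM-branded extension that came from the store, and a search-engine override. It assumes the override is declared through the `chrome_settings_overrides` manifest key, which the article does not confirm, and that store installs carry the Web Store update URL; the sample manifests are constructed.

```python
import json
import re
from pathlib import Path

# Update URL that Chrome Web Store installs carry in manifest.json.
WEBSTORE_UPDATE_URL = "https://clients2.google.com/service/update2/crx"
# Names from the article: the impersonated product and Tonec's own module.
IDM_NAME = re.compile(r"internet\s+download\s+manager|\bidm\b", re.IGNORECASE)

def audit_manifest(manifest):
    """Return a list of findings for one parsed manifest.json."""
    findings = []
    name = str(manifest.get("name", ""))
    if name.startswith("__MSG_"):
        # Localised name: the real text lives in _locales/, so flag for review.
        findings.append("name-localised:" + name)
    from_store = manifest.get("update_url") == WEBSTORE_UPDATE_URL
    if IDM_NAME.search(name) and from_store:
        # Per the Tonec FAQ quoted above, IDM-branded store extensions are fake.
        findings.append("idm-branded-store-extension")
    overrides = manifest.get("chrome_settings_overrides") or {}
    provider = overrides.get("search_provider")
    if isinstance(provider, dict):
        findings.append("search-override:" + str(provider.get("search_url", "unknown")))
    return findings

def audit_profile(extensions_dir):
    """Audit every <id>/<version>/manifest.json under a Chrome Extensions directory."""
    report = {}
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            report[path.parts[-3]] = ["manifest-unreadable"]
            continue
        findings = audit_manifest(manifest)
        if findings:
            report[path.parts[-3]] = findings
    return report

# Constructed sample manifests (not taken from the real extension).
SAMPLE_FAKE = {
    "name": "Internet Download Manager",
    "update_url": WEBSTORE_UPDATE_URL,
    "chrome_settings_overrides": {
        "search_provider": {"search_url": "https://search.example/?q={searchTerms}"}},
}
SAMPLE_BENIGN = {"name": "Notes Helper", "update_url": WEBSTORE_UPDATE_URL}
```

Point `audit_profile` at a profile's `Extensions` directory; a search override on its own is not proof of adware, so treat each finding as a prompt to review that extension.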

Google’s app repositories, both for Chrome, and for Android, are under a constant barrage of attacks, with fraudsters trying their hardest to squeeze through as many malicious and fraudulent apps as possible. That’s why users are advised to always read through the reviews, and check the number of downloads, before installing anything. Also, it won’t hurt to check out other apps from the same developer.

Via: BleepingComputer

Sead Fadilpašić
