Google bans Chrome extensions for serving rogue ads

Google has banned two extensions from the Chrome Web Store for serving adware under the pretext of sharing links to various sites, following outrage from users.

The extensions in question are "Add to Feedly" and "Tweet this Page", which were quite useful for sharing links until they were bought out by malware developers who started replacing the links with pop-under and rogue advertisements. According to Amit Agrawal, the developer of "Add to Feedly," an unknown company bought the extension from him for an undisclosed four-figure sum and inserted their own malware injection code into it. The developer of another extension, "Honey", turned down a purchase offer from a malware company and conducted a Reddit IAmA about his experience.

In response to complaints from users in the reviews of the extensions and on multiple internet forums, Google removed the extensions, citing its December policy update regarding submissions to the Chrome Web Store. According to Google, extensions must have a single purpose and must not be used to deliver spam or adware.

The problem isn't limited to Chrome, as a Firefox extension was also reported to be carrying malicious code in the past, but it's good to see that Google has responded promptly to threats emerging through the Chrome Web Store.

Source: WSJ via The Verge | Image via Ars Technica


27 Comments


Why is Google removing extensions from my Chrome? After I closed the browser and opened it again 5 minutes ago, it was gone! wtf?

Google could have prevented this by analyzing each extension instead of blindly allowing extension updates to be pushed to users.

Well this is hardly more than a short term (and incredibly limited) fix...

I hope they have something MUCH better planned.

That didn't take long. Good Google taking action on this. Lot of harping about something that will become more and more annoying as time goes on. People producing malware will find new and creative ways of delivering their crap.

Most antiviruses still don't detect extensions, toolbar or background services that redirect DNSs, hijack downloads or inject ads into webpages because they still classify that as "adware". Unbelievable. And in the few cases that some of that crapware is detected their authors simply push an update with another random name so that it's not detected any longer. Until browsers will start blocking less-popular executable downloads by default (like the latest IE versions and Win8 do) this will never end

francescob said,
Most antiviruses still don't detect extensions, toolbar or background services that redirect DNSs, hijack downloads or inject ads into webpages because they still classify that as "adware". Unbelievable. And in the few cases that some of that crapware is detected their authors simply push an update with another random name so that it's not detected any longer. Until browsers will start blocking less-popular executable downloads by default (like the latest IE versions and Win8 do) this will never end

The problem is that it causes more than a few headaches. I've had to unblock many downloads because "smartscreen" erroneously blocked the download. Norton has a similar function but it is based on reputation so any new files that were just recently created are auto-deleted which makes me question how files are supposed to get a reputation in the first place.

shinji257 said,

The problem is that it causes more than a few headaches. I've had to unblock many downloads because "smartscreen" erroneously blocked the download.

You should actually blame who still published unsigned executables. They had 10 years since XP SP2 started showing warnings for unsigned downloads. Blocking unsigned and non-popular downloads keeps less knowledgeable users away from a lot of crapware and that certainly overcompensates expert users having to do a couple of clicks to unblock the file or disabling the feature entirely.

The only crapware that gets around the block is that ad-injecting and page-redirecting garbage just because they write what it does in the EULA therefore AV makers just treat that as adware (remember? they did the same for dialers, those idiots never learn). I've seen machines with dozens of those kinds of extensions installed because that spamware keeps downloading and installing similar software either automatically (background updating services) or by hijacking users' executable downloads. Oh, and they also use sneaky names like Windows Update, Visual C++ Runtime 2013 or names similar to popular opensource software (with the same icons) to make it very hard to identify them all. Google tried to stop this phenomenon by forcing extensions to have only one easily understandable functionality (not immediately, it will be mandatory only one year from now for current extensions), I hope that'll help.

Shadowzz said,
Smart screen does not block you from using malicious programs. It just warns you.

And? That's the same exact terminology Microsoft uses, go in the file properties of a recent download and see yourself the Unlock button in there (you can find the same terminology in both the Windows help or IE website).

Edited by francescob, Jan 21 2014, 1:38am :

Shadowzz said,
Smart screen does not block you from using malicious programs. It just warns you.

Actually in Windows 8 it will flat out block you if it thinks the program is unsafe. I've had a ton of programs blocked as "unsafe" even though they were fine.

francescob said,

You should actually blame who still published unsigned executables. They had 10 years since XP SP2 started showing warnings for unsigned downloads.

That's fine and everything but not everyone can afford a certificate to sign an executable file with. A warning is ok and that's fine. It's smartscreen doing a flat out block that's at issue.

Edited by shinji257, Jan 21 2014, 1:15am :

Oh my Windows 8 must work differently then. It just warns me and gives me 1 option " OK".
But if you click the "More information" or whatever blue text, you get the option to run the file anyways.

I've downloaded tons of crap and smart screen only warns, Windows Defender stops the file from running if it has bad mojo.

shinji257 said,

That's fine and everything but not everyone can afford a certificate to sign an executable file with. A warning is ok and that's fine. It's smartscreen doing a flat out block that's at issue.

For developers that can't afford a certificate Smartscreen checks the file popularity so it offers a decent compromise, you can run anything blocked anyway if you ignore the prompt, even though I think non-experienced users should be forced to run only content from app stores since most of them usually have no clue about what they're doing and download every software from all those advertised adware/crapware links flooding Google's and especially Bing's results, a problem for which neither of the companies seems to have any actual intention of doing anything.

The main malware entry points left are only plugins, for which I hope that any related from Adobe/Sun dies a slow and horrible death due to the retarded nonchalance of how they handle the automatic updates, and executables that people seem to love running from any mail or web page. Once those two holes are closed malware as we know it will probably cease to exist so I can't wait until both the problems are finally addressed.

extensions must have a single purpose and must not be used to deliver spam or adware.

extension maker should've switched to IE,
as Microsoft have something called "Microsoft Advertising SDK",
which can be used to legally spam Windows users with ads.

Because putting a banner in your app is totally like injecting obfuscated code into every single webpage you visit or hijacking your downloads... totally.

Torolol said,

extension maker should've switched to IE,
as Microsoft have something called "Microsoft Advertising SDK",
which can be used to legally spam Windows users with ads.

Are you seriously comparing an in App advertising API platform to companies adding malware to computers?

In 2012, more Windows 7 users got malware from using Chrome than they did from using all Microsoft products combined, including IE and the OS itself. This is just another example of a Chrome entry point that has been wide open for a while now.

PS The only reason Google restricts 'spam/adware' is that it would compete with their own services.

Mobius Enigma said,

Are you seriously comparing an in App advertising API platform to companies adding malware to computers?

In 2012, more Windows 7 users got malware from using Chrome than they did from using all Microsoft products combined, including IE and the OS itself. This is just another example of a Chrome entry point that has been wide open for a while now.

PS The only reason Google restricts 'spam/adware' is that it would compete with their own services.

Go on then, let's see the source for these numbers? I can't find anything that backs up your claims.

Mobius Enigma said,
There is more, and I hope one day you can learn the complexities of Bing/Google to find stuff for yourself.

that will never happen. *some* internet users will always expect to be spoonfed like children.

That source doesn't seem to back up what you said at all. You're reaching too far to claim that having the most vulnerabilities also will result in the most malware installed.

timster Enigma said,

that will never happen. *some* internet users will always expect to be spoonfed like children.

In professional and academic settings it's universally required that you cite sources to back up your claims especially if in question. Are you going to call them children as well?

contriver87 said,

That source doesn't seem to back up what you said at all. You're reaching too far to claim that having the most vulnerabilities also will result in the most malware installed.

In professional and academic settings it's universally required that you cite sources to back up your claims especially if in question. Are you going to call them children as well?

If you or anyone else wants to provide evidence that Chrome was far safer than Windows 7 and IE, please provide anything you have.

In addition to the generic Secunia report I provided, there are several collaborative and follow up reports about which products and their vulnerabilities malware used.

Chrome had the most entry points for malware in 2012 by a huge factor (As the Secunia report shows), and these entry points were also used more than entry points/vulnerabilities in Windows 7 and IE.


This is NOT a professional or academic setting, and when I state something that I remember as fact, I am not going to placate lazy readers with annotations and footnotes.

I get paid to teach and write; I do not get paid to teach or write on Neowin - I provide information voluntarily.

This is not my classroom and even if it was, I would expect any student to research the information themselves if I didn't provide a quick or easy reference.

If they didn't, I would call them lazy children, no matter what their age.


If you don't believe something I said and 'care', go find out for yourself. I am not here to prove what I know, so take it or leave it.


However, if anyone does care about facts and finds that I'm wrong, I'll happily look at any information they provide.

I often take the time to look up claims on posts that attempt to refute information I have provided, whether it is referenced or not, and even when it is anecdotal.

If I'm willing to self research/source claims others are making, they should have the same commitment if they care enough to continue the conversation.

I truly would rather be wrong and provide accurate information to people reading through the comments than be right, especially if I can learn something myself in the process.


Mobius Enigma said,

If you or anyone else wants to provide evidence that Chrome was far safer than Windows 7 and IE, please provide anything you have.

In addition to the generic Secunia report I provided, there are several collaborative and follow up reports about which products and their vulnerabilities malware used.

Chrome had the most entry points for malware in 2012 by a huge factor (As the Secunia report shows), and these entry points were also used more than entry points/vulnerabilities in Windows 7 and IE.


This is NOT a professional or academic setting, and when I state something that I remember as fact, I am not going to placate lazy readers with annotations and footnotes.

I get paid to teach and write; I do not get paid to teach or write on Neowin - I provide information voluntarily.

This is not my classroom and even if it was, I would expect any student to research the information themselves if I didn't provide a quick or easy reference.

If they didn't, I would call them lazy children, no matter what their age.


If you don't believe something I said and 'care', go find out for yourself. I am not here to prove what I know, so take it or leave it.


However, if anyone does care about facts and finds that I'm wrong, I'll happily look at any information they provide.

I often take the time to look up claims on posts that attempt to refute information I have provided, whether it is referenced or not, and even when it is anecdotal.

If I'm willing to self research/source claims others are making, they should have the same commitment if they care enough to continue the conversation.

I truly would rather be wrong and provide accurate information to people reading through the comments than be right, especially if I can learn something myself in the process.


That's funny, all I hear is someone who still hasn't provided any sources that actually back up what they were saying.

You can't just make stuff up and then say, well you can't prove me wrong so I'm right. That's not how it works. If you say something then you have to be able to back it up if you want people to believe you. Anyway, three comments later it seems like you're not going to so... cya.

Edited by M4x1mus, Jan 20 2014, 11:26pm :

Mobius Enigma said,

This is NOT a professional or academic setting, and when I state something that I remember as fact, I am not going to placate lazy readers with annotations and footnotes.

I get paid to teach and write; I do not get paid to teach or write on Neowin - I provide information voluntarily.

This is not my classroom and even if it was, I would expect any student to research the information themselves if I didn't provide a quick or easy reference.

If they didn't, I would call them lazy children, no matter what their age.

It may not be your classroom, but the burden of proof still lies with the person making the claim. I'll admit that the claim that more Windows 7 users got malware from Chrome than from Microsoft products took me by surprise. I did a quick search to read further into the subject, but I didn't see anything before I had to stop trolling Neowin and leave for work. I too wanted to know where you were getting your information from.

You know, I don't see what the big deal is with providing sources when asked or questioned. We all have little to no authority here on Neowin, so you have to pardon people who don't take what you say as gospel just because you said it. Trying to make it seem like people are lazy, or too stupid to use Google just because they didn't find the same needle that you found in this hay stack called the Internet makes you come off as very pretentious.

What's strange is there's an equivalently named extension from the original author that is still clean, and was updated fairly recently. Perhaps the original maintainer of the extension had enough especially after they've made the ads mandatory.