back to article Google burns down more than 500 private-data-stealing, ad-defrauding Chrome extensions installed by 1.7m netizens

Google has removed more than 500 Chrome extensions in response to a report from a security researcher, who found the browser plugins distributed through the Chrome Web Store facilitated ad fraud and data theft. Using a free extension forensic analysis tool called CRXcavator, released last year by Cisco's Duo Security, …

  1. Snake Silver badge

    Excellent job, Google

    on maintaining your security from Day 1. You should be proud of your team's work.

    (If you couldn't recognize the /s, I'll put it in here now)

    1. bombastic bob Silver badge

      Re: Excellent job, Google

      heh, and with the end-users actually not seeing the ads, I wonder if google was making ANY money at all via the mal-vertising, skimming a bit off the top along with the scammers.

      End user: "I sure am seeing a lot of XXX e-mail in my inbox. I wonder who thinks I actually need this stuff..." [but the ads were being "clicked on"] [meanwhile the advertisees were billed for a 'click'] [and where did that money go again? did Google get any?]

      1. John Brown (no body) Silver badge

        Re: Excellent job, Google

        Yes, it rather smacks of the deluge of spam phone calls these last few years. The recipient telco gets the termination fee so have little incentive to stop them.

        1. cb7

          Re: Excellent job, Google

          If the recipient telco's customer database wasn't leaked in the first place, the spammers wouldn't have any names and numbers to use as a dialling list.

          Bu I agree there appears to be no incentive for the telcos to do anything. Perhaps an investigation and massive fine from the ICO would make them pay more attention... But short of bringing their call centres all back on-shore, not sure there are any other solutions. Meanwhile all existing records are loose anyway...

    2. JohnSheeran

      Re: Excellent job, Google

      Wow, I guess it's a lot easier to do these things than the huge corporations make it seem. Have you considered starting your Compuglobalmeganet company and doing it right?

  2. Anonymous Coward
    Anonymous Coward


    "which, if true, suggests Google's security scanning for extensions, at least up to this point, hasn't been particularly sophisticated."

    So, pretty much like the worthless "Play Protect" on Android which turns a blind eye (more like both eyes) to pre-installed malware pushed on to the devices by manufacturers, data providers, world+dog.

    ^^^^(Excellent work by Maddie Stone in the link above)^^^^

  3. Wade Burchette

    Next up

    Next up ... stopping notification spam. I've seen a lot of computers -- both Windows and Mac -- filled with notification spam. People are tricked into allowing notifications from dodgy websites. Notification spam can be just as bad as malvertising extensions.

  4. MachDiamond Silver badge

    An aversion to competition?

    Big data gets to be less valuable if everybody has equally good files on persons of interest.

  5. Version 1.0 Silver badge


    So the crime here is that they were sealing the data from users that Google is collecting and selling? The advertising business has become a swamp, "users" are just little bits of data floating on the surface and big hippos and alligators swim around looking for the best bits to eat.

    1. Pascal Monett Silver badge

      Re: LOL

      Yup, they were guilty of the absolute treason : costing Google money without the actual eyeball action included.

      They were also guilty of redirecting to malware sites, so there's that.

      But it's essentially lèse-majesté to profit from Google. Only Google profits.

      1. doublelayer Silver badge

        Re: LOL

        I wonder--it seems unlikely that Google lost money due to these. In fact, if they used Google ads at any point, Google probably got some as an indirect result. The ones who lost were the people advertising, and they could theoretically have a claim against Google for being negligent in the prevention of crime and possibly possession of money obtained unlawfully if it can be proven that Google failed to prevent the fraud in a timely manner. It would be nice to see this investigated. So that'll never happen.

  6. Rich 2 Silver badge

    “the Chrome extension creators had specifically made extensions that obfuscated the underlying advertising functionality from users”

    And how does this differ from what googles (and faecesbook and the rest of the usual suspects) do on an hourly basis? They’re all scum. The lot of them

  7. Robert Grant Silver badge

    As long as the DuckDuckGo browser extension still works

    I love that thing

    1. RegGuy1 Silver badge

      Re: As long as the DuckDuckGo browser extension still works

      Oh yes. DuckDuck every time.

      Plus only log in with real details to any site when you need to, and then log out again. Better to use an anonymous account if you can. If you do use a real account (one that means they can get money off you if they steal the credentials) then don't save them in the browser.

      Use Adblock Plus and No Script, and delete ALL your cookies on exit. Then make sure you exit the browser at least once per day.

      None of the above guarantees security, but at least you can make it a little harder for the bar stewards to get anything useful off you.

  8. Claverhouse Silver badge
    Black Helicopters

    There Can Be Only ONE !

  9. The obvious


    private-data-stealing and ad-defrauding is OUR job.


    the all-seeing googly eye.

  10. Reginald Onway


    "malicious extensions appear to have been designed to operate unobtrusively and generate ad revenue by redirecting the victim's browser to a series of host sites – almost all hosted on AWS..."

    Based on my experience, AWS is a favorite hiding place of all manner of evil doers these days. Maybe it's a little too easy to get an account and Amazon is way too lax in policing their users.

    Or, maybe that's just the way it is...we are all corporate sheep waiting our turn to be fleeced.

    1. John Brown (no body) Silver badge

      Re: Bah!

      "Based on my experience, AWS is a favorite hiding place of all manner of evil doers these days. Maybe it's a little too easy to get an account and Amazon is way too lax in policing their users."

      Isn't that why megaupload got shut down?

      1. Aitor 1 Silver badge

        Re: Bah!

        Yes, but he had the wrong nationality.

  11. quartzz

    can someone tell me, IF, there is a cookie manager for chrome? I've looked. can't find. Firefox you can sort by "last date accessed" which makes deleting anything that hasn't been used recently fairly easy

    1. JCitizen

      Cookie manager??

      Well, the closest thing to that I can think of is the cookie vault in CCleaner - you can put the cookies you want to keep in the vault and when cleaning, it will leave those alone. But you have to close the browser to do the cleaning, I've noticed since I started using DuckDuckGo on Chrome, I have way fewer cookies to clean each time. DDG has granular control of what you want to block on each site and it remembers that. I think it is way better even, than NoScript!

  12. Neil Barnes Silver badge

    Surely this kind of thing is only to be expected?

    As long as you have an ecosystem that bids for viewer eyeballs, and pays with real cash dollars for alleged views - whether real or fake - then there are going to be people who try and game the system; parasites if you will.

    Because the majority of the internet, as far as I can see, is no more to do with what the user wants to see than as a vast charging system on that very viewer, due to the advertising product on everything he buys.

    If that infrastructure were not in place, there would be no need for the advertisers' desperate attempts to track out every movement, our likes and dislikes, just so we can have the perfect advert stopped dead by uBlock or its friends.

  13. Bachelorette

    Google already requires a credit card on file for extension developers

    Google already requires a credit card on file for extension developers. Why not track down the developer and prosecute them by the law!

    And how do other extensions like uBlock Origins, PhartShield, NoScript fair in terms of privacy compared with these extensions?

    1. Velv

      Re: Google already requires a credit card on file for extension developers

      I’m not sure it could be proven in court that they have broken any law.

      They’ve probably broken the T&Cs, but is there hard evidence of anything else? Not saying it’s right, but what can you do.

      1. doublelayer Silver badge

        Re: Google already requires a credit card on file for extension developers

        The extension developers could be found guilty of fraud as they alleged true visitors when there weren't any. As for finding these developers, I'm guessing they used a prepaid credit card without a name on it. Either that or a stolen one (I'm not sure if they ever had to pay with it). Some criminals are dumb enough to use their own ID, but ones that set up a fraud operation using so many site copies probably go to the relatively minor effort of getting an anonymous one.

  14. Solly


    Can someone combine this with Adblock, so I don't get that annoying disable adblock to continue guff...

  15. dnicholas


    Only Google are allowed at the trough

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022