Malicious Chrome Extension Masquerading as AdBlock Plus Discovered in Chrome Web Store
On October 9, Google removed a malicious Chrome extension masquerading as AdBlock Plus, a popular and legitimate ad-blocking extension, from the Chrome Web Store after users reported their browsers forcibly opening new tabs and displaying advertisements after installation. The developers of the malicious extension displayed the AdBlock Plus logo and used Unicode characters in the extension ID to bypass Google’s duplicate detection system and fool users into thinking it was the legitimate extension. At the time of detection, over 37,000 users had reportedly installed the extension. The NJCCIC recommends users who have downloaded the malicious Chrome extension uninstall it immediately and run a full malware scan of impacted systems using trusted and up-to-date antivirus software.