Thursday, 2 April 2015

Google kills 200 ad-injecting malware Chrome extensions

Google kills 200 ad-injecting malware Chrome extensions

Google is shutting down ad-injecting extensions for its Chrome browser after finding that almost 200 of them exposed millions of users to deceptive practices or malicious software.

Google researchers teamed up with colleagues from the University of California at Berkeley and conducted a study which found that one third of the Chrome extensions that inject ads were malware. The researchers uncovered 192 deceptive Chrome extensions that affected 14 million users. Now the internet giant has killed those extensions and incorporated new techniques to catch any new or updated extensions that have similar malware

The researchers also found that there was a widespread use of ad injectors for multiple browsers on both Windows and OS X computers. Google found that five percent of people visiting Google sites have at least one ad injector installed. They released that within the group itself, at least half had two injectors installed, and about one-third have at least four injectors installed. Although the Google officials haven't barred such ad injectors outright, but have started placing restrictions on them.

In the Terms of service for Chrome extensions, Google has clearly stated that ad-injecting behavior must be clearly disclosed. Customers of all Google-operated ads services must also comply with policies barring unwanted software.

Earlier this year it was discovered that Lenovo had sold computers that came preinstalled with adware from a company called Superfish. The software injected ads into search results, hijacked encrypted Web sessions and made users vulnerable to man-in-the-middle attacks that could completely bypass HTTPS protections.