Nefarious Developer Buys up Abandoned Chrome Extensions and Injects Them With Adware

Google Chrome is one of the most popular internet browsers around the world. This application works on computers, phones, and tablets. Unfortunately, it is also often targeted by criminals looking to do harm to internet users. In a new effort, malicious developers are buying up abandoned Chrome extensions and turning them into adware projects

Old Chrome Extensions are at Risk

An unidentified company is extending various financial offers to developers who have abandoned their Chrome extension. In some cases, the original developer no longer has the time to maintain the code. Another reason is how there is little innovation left for the extension in its current stage. These people are more than happy to be “bought out,” even if we are only talking about a marginal sum of money.

Given the vast amount of Chrome extensions no longer under active development, malicious users have targeted them. By buying up these abandoned projects, they can take the code and turn it into an adware project. Since these extensions have often been approved by the Chrome Web Store in the past, new versions can get in without too much trouble. Even if that update includes some references to adware, it will often take weeks, if not months, until the extension is reported and removed.

Some of these abandoned projects are still actively used by thousands of users around the world. In one particular case, users started complaining about the Particle extension which suddenly asked for new permissions. There is no reason for most extensions to read and change data on visited websites or being able to manage apps and other extensions. This type of behavior caught the attention of tech-savvy users, who immediately reported the incident.

This particular Chrome extension has been abandoned since May. Someone has successfully purchased the old code and turned it into something far more harmful. Interestingly enough, it appears the original developer could determine his own price for the sale of his project. Considering how there were no plans to continue this project, any financial offer was welcomed with open arms.

A closer analysis of the updated Particle extension source code reveals new code has been added to inject advertisements into all websites visited by the extension’s users. In doing so, the new developer of particle aims to earn a lot of money, although it remains to be seen if that will be the case. It appears the main platforms targeted with these new ads range from Google to Amazon and eBay to Booking.com. 

It appears the person responsible for the updated Particle extension code has done this with other popular Chrome extensions. The Twitch Mini Player, for example, is now riddled with adware code as well. It is expected more extensions will succumb to this over the coming months. The Chrome team will need to address these issues. Removing the extensions from the store is one way of doing it, but that does not help the existing user base.