Adblock Plus and (a little) more

37,000 fooled after ABP imposter gets in Web Store; how to make sure you’ve got the real ABP · 2017-10-10 12:51 by Ben Williams

Apparently there was a phony Adblock Plus app in the Chrome Web Store that 37,000 people downloaded. Thanks to @SwiftOnSecurity for alerting people to this. Now it seems Google has kicked out the phony app.

We’ve been following this story carefully, and were pleased to see how quickly the false extension was kicked out. It’s a bit troubling, of course, that it made it in there in the first place. Because of this we’ve stayed on top of would-be scammers for years now, so that you can trust what you’re getting is actually what you want.

For those who may have downloaded Adblock Plus for Chrome recently, one way to see if you have the real one is by going to Chrome > More Tools > Extensions (see screen grab below). The phony app also shows up as an APP in the store – not as an EXTENSION, as ABP does.

Once you’re there, find Adblock Plus and click Details. That will take you to the Chrome Web Store. Just make sure that the extension you’re seeing says “offered by adblockplus.org.” If so, you’re probably good.

If not — or if you want to remove all doubt — you can reinstall the extension directly from us at adblockplus.org.

Comment [5]

  1. bopoh13 · 2017-10-10 13:53 · #

    90% of users do not look in the address bar.
    I did not have confidence in Google and now I do not. Finish the version for FF57+ with pseudo-elements, pls.

    Reply from Ben Williams:

    We’re working on those. They’re not in this devbuild, but will be by the time of WebExtensions/57.

  2. Michael · 2017-10-10 14:34 · #

    This security breach stinks to “High Heaven”!

    1/ The imposter bypassed Google’s Crackerjack security.

    2/ Google’s didn’t locate the phoney app. Sigh!

    The things that make you go “Hmmmmmmm!”.

    Reply from Ben Williams:

    Got that right :)

  3. Michael · 2017-10-10 15:00 · #

    FF57 shares the same add on system. The fake Adblock Plus ad on, could find it’s way to the Mozilla store. Mozilla’s track record preventing fakes ad ons is p*** poor!

    News Flash! Firefox 57 users privacy is dead as a door nail.

    https://www.ghacks.net/2017/10/06/mozilla-to-launch-firefox-cliqz-experiment-with-data-collecting/

    Reply from Ben Williams:

    Ah, cool, thanks for sharing. We actually try and keep a handle on situations like these using an internal team as well.

  4. bopoh13 · 2017-11-09 14:56 · #

    Thank you, Ben! There is another important point (see the link above): is a most minergate infection of servers. I cann’t disable all scripts at once in ABP. The rule doesn’t work ‘## head > script:nth-child(2)’. How slow will the rule execute ‘.js$script’?

    Reply from Ben Williams:

    Hey, thanks for that.

    You can block all scripts with this filter: *$script or maybe only scripts from third-party domains *$script,third-party

    It’s probably not really noticeable in performance. What you will notice (with both filters, a bit less with the second filter) is that pretty much any site will be broken :/

  5. bopoh13 · 2017-11-10 12:41 · #

    Thx, Ben!
    And let it be broken :) I may add necessary scripts to the list of exceptions. Due to CPU time grabbing, we going to be signing scripts soon ;)

Commenting is closed for this article.