Google has axed a Chrome extension from its official Chrome Web Store after it was discovered that the extension was hijacking search engine queries, taking users from their search engine of choice and tossing them into the search wilderness, with pages full of toxic ads.
Ostensibly, the extension allows users to queue up multiple YouTube videos, before replaying them in order upon later viewing. However, it also kept a beady eye on users’ search enquiries: when they visited a search engine and typed in a request, they were snatched away and deposited on a search engine called “Information Vine”, which is full of malicious advertising, affiliate links and other somewhat sketchy ways to make money.
Cyber security fans might recognise Information Vine as a particularly grim bit of “malvertising” (that’s malicious advertising) spyware from Ask Media, which bounced all search traffic to its page.
Eric Lawrence, a former Google Chrome developer who is now working on Microsoft Edge, posted a video showing the extension in action yesterday, before tweeting some details about the exploit and how it is being used.
As Lawrence points out, the malicious code causing the redirect is currently not shown on the extension’s GitHub repository, which makes sense, because that would be almost like admitting they were doing bad things in a public space.
The Register spoke to the original developer of the extension, who claimed that he sold the extension several weeks ago, making it look like someone has hijacked the app, just like they hijacked users’ search engine requests. The fact that such an app has managed to stay in Google’s official Web Store while loaded with bad code is a whole other discussion that many web developers are now keen to get into.