How do the Chrome Store's malicious ad blockers show the duplicity that end users face in cybersecurity?

Q:

How do the Chrome Store's malicious ad blockers show the "duplicity" that end users face in cybersecurity?

A:

The recent rash of malicious ad blockers dropped from Google's Chrome Store shows how difficult it is to shield end users from deceptive types of hacking.

The tech press widely reported that over 20 million users had installed some form of one of these fake ad blockers before Google decided to yank them from the inventory. ZDNet provided a breakdown where one product, AdRemover for Google Chrome, was utilized by over 10 million users, with another variety, uBlock Plus, garnering 8 million users and a fake AdBlock Pro getting more than 2 million users.

After cybersecurity experts discovered malicious features in the cloned ad blockers, Google decided to remove many of the worst offenders. But people are still talking about how lackluster vetting can produce additional dangers for customers.

At issue is the Google Chrome extension – a type of small software program that users can add to Google Chrome to enhance how the browser works. Extensions are distributed through the Chrome developer dashboard and they are published to the Chrome Web store – but some are saying that without more involved screening for these third-party products, more end users could see their systems jeopardized.

Part of the deceptive nature of these new types of hacking is that hackers prey on the idea that users have to safeguard their systems. An ad blocker or anti-malware program seems like it's intended to enhance security, not detract from it. The issue lies in what happens behind the scenes, and how hackers clone, imitate and hijack legitimate systems, names and techniques to befuddle their targets.

It's a little like another major hack making its way around the consumer community now. Many PC users have heard a warning voice suddenly screech out of their laptop or desktop computer talking about how they could harm files or destroy systems if they don't do certain immediate tasks. The irony is that this message is intended as a phishing attempt and does not constitute a legitimate cybersecurity alert.

With all of this sophisticated hacking in the mix, end users will have to get more educated on how to maintain their systems. The arms race between hackers and security professionals is only going to heat up as new artificial intelligence and machine learning technologies make their way to the scene. Problems like those recently highlighted with the Google Chrome store reveal how important it is to have universal and consistent safeguards for a community of users.

Have a question? Ask us here.

View all questions from Justin Stoltzfus.

Share this:
Written by Justin Stoltzfus
Profile Picture of Justin Stoltzfus
Justin Stoltzfus is a freelance writer for various Web and print publications. His work has appeared in online magazines including Preservation Online, a project of the National Historic Trust, and many other venues.
 Full Bio