Google has removed two ad-blocking extensions from the Chrome Web Store because they were caught collecting user data.
The news came from Reddit, through the report of a user, Jammed_Death, who shed light on some strange behavior recently detected on the two offending extensions — Nano Adblocker and Nano Defender.
Like any other ad blockers, they were installed to block unwanted ads and banners on websites but the malicious code for collecting data was added to the extensions in early October 2020, when the author of Nano Adblocker and Nano Defender sold both extensions to some “Turkish development team.”
Interestingly, the new owners did not even change the name of the author, clearly trying to hide the fact of the sale, so that the true cause of the appearance of the malicious code was more difficult to detect. Nano Adblocker had over 50,000 installations, while Nano Defender had about 200,000.
However, after the sale, many users, including the creator of the uBlock Origin blocker Raymond Hill, found that the behavior of the extensions had changed by no means for the better.
“The extension is now designed to lookup specific information from your outgoing network requests according to an externally configurable heuristics and send it to https://def.dev-nano.com/.” — explains Hill in HitHub issue announcent.
According to the original developer, the best way to get rid of the problem would be to remove the two extensions immediately. In the meantime, he himself has reported the add-ons to Google as malware, thus initiating an automatic removal procedure by the browser.
It should be noted that the Firefox versions of Nano Adblocker and Nano Defender do not and have never contained malware, since they were not sold and are generally managed by another developer.