Recently, security experts discovered that one of Google Chrome’s affiliated applications is causing redirects to advertising websites. The issue was noticed after countless users reported that a Chrome extension was misleading them to advertising web pages. The fault appears to lie with the Chrome extension called Better History. So, when did using a Chrome extension become a problem?
The issue works by redirecting HTTP traffic through a proxy server. An additional advertising page is then generated and displayed before users are allowed to reach their intended destination. However, the annoying pop-ups are not the only concern. It has been revealed that the extension can spy on people’s browsing history and collect data about visited websites. Moreover, the analytics might have been transferred to online advertising companies.
Once the problem was noticed and users started contacting the original author of Better History, the most surprising thing happened – the author sold the extension to advault.net. Initially, it didn’t seem like a suspicious advertising website, but, after some time, the company started its suspicious activity.
Users started reporting ads right after they were convinced to update Better History from version 3.9.7 to 3.9.8. After the update, a script named “common.js” was planted on their systems. Its task appears to have been to monitor browsing history and redirect people to advertising websites. Moreover, this malicious code has been spotted infecting other extensions, such as Chrome Currency Converter, Web Timer, User-Agent Switcher, Better History, 4chan Plus, and Hide My Adblocker.
The good news is that Google has already terminated Better History. However, users should refrain from using the above-mentioned applications until they are completely restored. Finally, though the main infection has been stopped, it would be wise to double-check the system and make sure that the infected file is not on it. For that, run a full system scan using an anti-spyware program.
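One way to double-check the browser itself, as an added example that is not part of the original article: the script below walks the Extensions folder of a Chrome profile (the path is supplied by the reader and assumed to be laid out as `<extension id>/<version directory>/manifest.json`) and reports installed extensions whose names match the list above, whether the version is the 3.9.8 Better History update, and where any common.js file sits. The function and field names are the example's own.

```python
import json
import sys
from pathlib import Path

# Names, version and script file name as reported in the article.
NAMED = {"better history", "chrome currency converter", "web timer",
         "user-agent switcher", "4chan plus", "hide my adblocker"}
FLAGGED = ("better history", "3.9.8")
SCRIPT = "common.js"

def load(path):
    """Parse a JSON file; return None if it is unreadable or malformed."""
    try:
        return json.loads(path.read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):
        return None

def display_name(ext_dir, manifest):
    """Resolve 'name', following a __MSG_key__ placeholder into _locales."""
    name = str(manifest.get("name", ""))
    if name.startswith("__MSG_") and name.endswith("__"):
        locale = manifest.get("default_locale", "en")
        msgs = load(ext_dir / "_locales" / locale / "messages.json") or {}
        for key, val in msgs.items():  # message keys are case-insensitive
            if key.lower() == name[6:-2].lower() and isinstance(val, dict):
                return val.get("message", name)
    return name

def scan_extensions(root):
    """Findings for <root>/<extension id>/<version dir>/manifest.json."""
    findings = []
    for mf in sorted(Path(root).glob("*/*/manifest.json")):
        manifest, ext_dir = load(mf), mf.parent
        if not isinstance(manifest, dict):
            continue
        name = display_name(ext_dir, manifest)
        if name.lower() not in NAMED:
            continue
        version = str(manifest.get("version", ""))
        scripts = sorted(p.relative_to(ext_dir).as_posix()
                         for p in ext_dir.rglob(SCRIPT))
        findings.append({"id": ext_dir.parent.name, "name": name,
                         "version": version, "scripts": scripts,
                         "version_flagged": (name.lower(), version) == FLAGGED})
    return findings

if __name__ == "__main__":
    for root in sys.argv[1:]:  # pass the profile's Extensions folder
        for finding in scan_extensions(root):
            print(json.dumps(finding))
```

Matching is by display name because the article gives no extension IDs, so a hit is a prompt to inspect or remove the extension rather than proof of infection.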