A fake version of Adblock Plus has been downloaded 37,000 times from the Google Chrome Web Store. (Image: geralt/Pixabay)

Adblock Plus is one of the most popular browser extensions, with millions of users relying on the add-on to remove advertisements from their web browsing experience. Unfortunately for a number of users, a fake version of the extension for Google Chrome has started to spread.

At least 37,000 people have already downloaded a phony version of Adblock Plus through the Google Chrome Web Store and could be exposed to whatever malicious behavior the creators of the phony app choose to subject them to.

For users, the fake version of the popular ad blocker is almost indistinguishable from the real extension. The extension looks the same and is presented similarly to the real version. The primary difference that a user could spot is the use of a capitalized “B” in “AdBlock”—the real version uses a lowercase “b” instead.

The fake extension was first spotted by a security researcher on Twitter. The researcher—who goes by the handle SwiftOnSecurity—wrote, "Google allows 37,000 Chrome users to be tricked with a fake extension by fraudulent developer who clones popular name and spams keywords."

"Legitimate developers just have to sit back and watch as Google smears them with fake extensions that steal their good name," SwiftOnSecurity noted.

Users of the fake version of Adblock Plus complained in the extension's reviews that it made their browsing experience far worse. One user said the instant the extension was added, Chrome began displaying invasive advertisements and opening new tabs without the user’s permission.

Many users were exposed to the fake extension through Google’s own search function in the Chrome Web Store. By adding a number of unrelated keywords to the extension’s description, the scammers were able to make the extension pop up in search results for any number of popular queries.

Google has since taken action to remove the fake version of Adblock Plus from the Web Store, but users should make sure the version of the ad blocker they are running is legitimate. This can be done by visiting the official Adblock Plus page in the Chrome Web Store. The real extension is named Adblock Plus (lowercase b) and the developer is adblockplus.org. The fake extension is AdBlock plus (uppercase B) and the developer is Adblock Plus.
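The name-and-developer check described above can be automated over an extension inventory. The following is an added example, not part of the original article or any Google or Adblock Plus tooling; the `{ name, developer }` listing shape, the function names and the third sample entry are assumptions.

```javascript
// Added example: flag store listings that imitate a trusted extension's name.
// The trusted entry uses the name and developer given in the article.
const TRUSTED = [{ name: "Adblock Plus", developer: "adblockplus.org" }];

// Fold Unicode compatibility forms, case and whitespace so that
// "AdBlock plus" and "Adblock Plus" produce the same comparison key.
function normalizeName(s) {
  return s.normalize("NFKC").toLowerCase().replace(/\s+/g, " ").trim();
}

// Classify one listing ({ name, developer }; this shape is an assumption).
function classifyListing(listing, trusted = TRUSTED) {
  const key = normalizeName(listing.name);
  const match = trusted.find((t) => normalizeName(t.name) === key);
  if (!match) return { verdict: "unknown", reasons: [] };

  const reasons = [];
  if (listing.name !== match.name) {
    reasons.push(`name matches "${match.name}" only after case/space folding`);
  }
  if (normalizeName(listing.developer) !== normalizeName(match.developer)) {
    reasons.push(`developer "${listing.developer}" is not "${match.developer}"`);
  }
  return { verdict: reasons.length ? "impersonation" : "genuine", reasons };
}

// Return only the listings that imitate a trusted extension.
function findImpersonations(listings, trusted = TRUSTED) {
  return listings
    .map((l) => ({ ...l, ...classifyListing(l, trusted) }))
    .filter((l) => l.verdict === "impersonation");
}

// Constructed sample inventory: the first two entries use the names and
// developers quoted in the article; the third is made up for contrast.
const SAMPLE_LISTINGS = [
  { name: "Adblock Plus", developer: "adblockplus.org" },
  { name: "AdBlock plus", developer: "Adblock Plus" },
  { name: "Example Tab Manager", developer: "example.invalid" },
];

for (const hit of findImpersonations(SAMPLE_LISTINGS)) {
  console.log(`${hit.name} by ${hit.developer}: ${hit.reasons.join("; ")}`);
}
```

A listing that copies the exact name but has a different developer is still reported, with a single reason.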

The incident isn’t the first time a fake version of Adblock Plus slipped through the cracks and wound up in Google’s official extension marketplace. A similar situation happened in 2015. As in the more recent case, the attackers behind the 2015 scam used the fake extension to deliver adware onto the machines of victims in order to display fraudulent and malicious advertisements.

Chrome extensions have been used to carry out a number of recent attacks, from an extension that hijacked a user’s CPU to mine for cryptocurrency to a massive spam attack that used a fake version of Google Docs to infect a user’s machine and spread phishing emails to thousands of Google users.