152 Chrome Wallpaper Extensions with 105K Installs Linked to Adware and Fake Traffic

Cybersecurity researchers identified 152 Google Chrome extensions, collectively installed 105,000 times, that distribute adware and generate fake traffic. These extensions, operating under 38 distinct Chrome Web Store publisher accounts, function as live wallpaper add-ons for new tabs. The malicious activity is linked to three backend domains: tabplugins[.]com, yowgames[.]com, and chromewallpaper[.]com. The researchers from the cybersecurity firm Avast detailed in a blog post published on May 23, 2024, that these extensions are designed to install a Potentially Unwanted Program (PUP) family. This PUP family is capable of redirecting users to malicious websites, displaying intrusive advertisements, and artificially inflating website traffic metrics. The extensions were found to be actively pushing these unwanted programs to users who installed them, posing a significant risk to their online security and privacy. The discovery highlights a persistent threat within browser extension marketplaces, where malicious actors exploit user trust to distribute harmful software.