Spammers use the themes section of the Chrome Web Store, the official store for Chrome extensions and themes, to push dodgy streaming subscriptions.

The Chrome Web Store returns extension and theme matches when you search for something. If you search for a recent movie title on the web store, you get matching extensions and themes returned.

While you'd expect themes to just return themes based on movie scenes, characters or posters to you, you probably don't expect these themes to push subscriptions for dodgy streaming services on the Internet.

That's what is happening right now, however, in the Chrome Web Store, and it is not the first time that Google's official Chrome Web Store has been abused. Google had to pull ad-injecting, crypto-mining, copycat, and other abusive extensions from the Store in the past.

Img

Some of the "watch a movie" themes have thousands of users and have been in the Store for months. It appears that Google's automatic controls don't work properly in this regard and that the reporting functionality that the company built into the Store does not help either.

The title of the themes suggests to Chrome users that they may watch the movie for free and often in high definition. The description of the add-on is filled with keywords but no links, and it seems more of a copy and paste job than anything else.

The website and "offered by" links point to fake streaming portals that have just one purpose; to get users to click on the watch or download buttons. As soon as users do that, they are taken to another web page that promises free registration and direct access to thousands of movies after registration.

The ones that I checked out asked for payment information and while they promise that users are not charged for signing up, reports on the Internet suggest that this is not always the case.

It should be clear that signing up for any of these services may not be the cleverest course of action; you may be charged by these services and since they are not legal, may even face legal issues if law enforcement or companies find your information in the database of such a service.

The installation statistics that Google displays for themes and extensions suggests that thousands of users have installed these themes. It is impossible to tell how many of those have signed up for an account on one of the streaming sites.

If you thought that reviews on the Store might prevent users from installing spam themes and extensions, you may find it surprising that ratings and comments are not all negative. While most themes used to push dodgy streaming services don't have a five out of five star rating, they don't have one star (the lowest rating) either. It appears that fake reviews are used to push the rating of these themes.

I did not install any of the themes and can't say if they have a malicious component as well that executes on installation. If you are looking for movie themes, you find plenty of legitimate themes in the Store.

Closing Words

The new theme spam problem of the Chrome Web Store is not the first and most likely not the last issue that users of Chrome face when they use the official Store. Google has been playing catch-up with spammers and criminals for a long time and it seems that this won't change anytime soon.