Recent investigations have revealed that many extensions manipulate their search rankings in the Chrome Web Store by using misleading descriptions and irrelevant keywords. The result is that search results fill up with unrelated or suspicious extensions, while legitimate ones are buried beneath irrelevant listings.

Language loophole

This manipulation depends on the store's multilingual support. Developers can supply localized names and descriptions for their extensions in any of the supported languages. Some developers exploit this by stuffing keywords that target competitors or popular search terms into the fields of rarely used languages such as Swahili or Estonian. Because the store matches against every locale, these keywords then influence global search results, even for searches made in unrelated languages such as English.

For example, a search for " " initially shows unrelated extensions such as discount finders at the top, while the legitimate extensions are buried at the bottom. Extensions use several methods to manipulate search results in the Web Store:

  1. Changing the extension's name in various languages to include popular or competitor terms.
  2. Adding irrelevant keywords to the description for a particular language.
  3. Using incomplete or meaningless translations, often padded with large sections of irrelevant English text.
  4. Hijacking search visibility by using competitor product names.

Although Google's policies explicitly prohibit spam and abusive behavior, enforcement is lax. Some of these abuses were reported as early as [year], and Google has made some adjustments, but the problem persists.

Online App Store Abusers

Analysis of multiple suspicious extensions revealed distinct clusters of developers using this strategy.

  • Kodice LLC/Karbon Project LP/BroCode LTD: These Russian-speaking developers have been known since 2023 for spamming the Chrome Web Store with misleading names, descriptions and keywords. Some of their extensions have been linked to spyware and affiliate fraud.

  • Toolbox Cluster: This group was first flagged in 2023 for hijacking searches and redirecting users; it continues similar operations in new extensions using obfuscated code.

  • ZingFront Software/ZingDeck/BigMData: This China-based company, backed by Baidu Ventures, has more than 223 extensions. It monetizes AI features through subscription-based premium functionality.

  • Other groups: Groups such as ExtensionsBox, Lazytech and Yue Apps operate in a similar way and are usually linked to Chinese-speaking developers.

Researchers recommend restricting search matching to the languages the user has selected, which would neutralize keyword stuffing in other locales, conducting regular audits of the known clusters, and penalizing developers who repeatedly abuse the store.
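To make the language loophole and the proposed fix concrete, here is a small added example (not code from the original article or from the Chrome Web Store) that models a store search index over localized listings. The two constructed listings, the locale codes and the list of "popular terms" are all assumptions made for the demonstration. The first search mode matches a query against every locale, which lets keywords stuffed into a Swahili or Estonian field outrank a genuine English listing; the second mode scopes matching to the user's selected locales, as the researchers recommend. A final helper implements the kind of audit check a store reviewer could run: it reports popular search terms that a listing claims only in secondary locales and not in its primary one.

```python
"""Toy model of locale-scoped store search and a keyword-stuffing audit.

All listings below are constructed for illustration; they are not real
extensions and the search logic is not the Chrome Web Store's.
"""
import re
from dataclasses import dataclass

TOKEN = re.compile(r"[a-z0-9]+")


@dataclass
class Listing:
    ext_id: str
    locales: dict  # locale code -> {"name": str, "description": str}


# Constructed sample data: one honest listing and one that stuffs competitor
# terms ("ad blocker") into rarely used locales while its English copy is clean.
LISTINGS = [
    Listing("legit-adblocker", {
        "en": {"name": "Plain Ad Blocker",
               "description": "Blocks ads and trackers on the pages you visit."},
        "de": {"name": "Plain Ad Blocker",
               "description": "Blockiert Werbung und Tracker."},
    }),
    Listing("coupon-finder", {
        "en": {"name": "Coupon Finder",
               "description": "Finds discount codes at checkout."},
        "sw": {"name": "Coupon Finder ad blocker adblock",
               "description": "ad blocker adblock block ads trackers Coupon Finder discount"},
        "et": {"name": "Coupon Finder",
               "description": "ad blocker adblock ads blocker"},
    }),
]

# Assumed list of high-volume search terms an auditor would watch for.
POPULAR_TERMS = {"ad", "blocker", "adblock", "coupon", "discount"}


def tokens(text):
    """Lower-case alphanumeric tokens; good enough for this demonstration."""
    return TOKEN.findall(text.lower())


def score(listing, query_tokens, locales):
    """Count query-token hits in the given locales; name hits weigh double."""
    total = 0
    for loc in locales:
        entry = listing.locales.get(loc)
        if entry is None:
            continue
        name_toks = tokens(entry["name"])
        desc_toks = tokens(entry["description"])
        for q in query_tokens:
            total += 2 * name_toks.count(q) + desc_toks.count(q)
    return total


def search(listings, query, user_locales=None):
    """Rank listings by score.

    user_locales=None reproduces the weak behaviour: every locale of every
    listing is searched, so stuffed fields in any language count.  Passing the
    user's selected locales scopes matching to those fields only.
    """
    q = tokens(query)
    ranked = []
    for listing in listings:
        locs = user_locales if user_locales else list(listing.locales)
        s = score(listing, q, locs)
        if s:
            ranked.append((s, listing.ext_id))
    ranked.sort(key=lambda pair: (-pair[0], pair[1]))
    return [ext_id for _, ext_id in ranked]


def locale_only_terms(listing, terms, primary="en"):
    """Audit helper: popular terms present in a secondary locale but absent
    from the primary locale's name and description.  A genuine translation
    rarely introduces English search terms its English copy does not use."""
    primary_entry = listing.locales.get(primary, {"name": "", "description": ""})
    primary_toks = set(tokens(primary_entry["name"] + " " + primary_entry["description"]))
    findings = {}
    for loc, entry in listing.locales.items():
        if loc == primary:
            continue
        loc_toks = set(tokens(entry["name"] + " " + entry["description"]))
        extra = (loc_toks & terms) - primary_toks
        if extra:
            findings[loc] = extra
    return findings


if __name__ == "__main__":
    print("all locales:", search(LISTINGS, "ad blocker"))
    print("en only:    ", search(LISTINGS, "ad blocker", user_locales=["en"]))
    for listing in LISTINGS:
        print(listing.ext_id, "->", locale_only_terms(listing, POPULAR_TERMS))
```

With every locale searched, the coupon extension outranks the real ad blocker for the query "ad blocker" purely on the strength of its Swahili and Estonian fields; scoping the search to the user's English locale removes it from the results entirely. The audit helper flags exactly those two locales on the stuffed listing and nothing on the honest one, which is the kind of signal a periodic review of a known cluster could start from.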

As for what users can do to stay safe in the meantime, it is recommended to verify the developer and read user reviews before installing an extension, to avoid granting excessive permissions, and to report suspicious extensions.

How extensions trick CWS search
https://palant.info/2025/01/08/how-extensions-trick-cws-search/


Author: Emma

An experienced news writer, focusing on in-depth reporting and analysis in the fields of economics, military, technology, and warfare. With over 20 years of rich experience in news reporting and editing, he has set foot in various global hotspots and witnessed many major events firsthand. His works have been widely acclaimed and have won numerous awards.
