A fake Google Chrome extension, present on the Chrome Web Store since at least June 2019, has been installed by over 200,000 users and is actually adware. Although the program the extension installs, Internet Download Manager, is legitimate, BleepingComputer reported on Wednesday (24) on the malicious behavior of the software module.

According to the site, once installed, the extension starts opening links to spammy sites, alters the browser’s default search engine, and bombards the user with pop-ups asking them to download unwanted programs.

BleepingComputer investigated the extension’s malicious behavior after receiving an angry comment from a reader who described a Chrome add-on “running malicious websites by impersonating famous software”. The actual Internet Download Manager is published by the US software company Tonec.

Source: Chrome Web Store (reproduction)

What does the fake Chrome extension do to the computer?

Initially, BleepingComputer contacted New York-based Tonec, which explained that the authentic extension for its Internet Download Manager is made available under the name “IDM Integration Module”. In the FAQ, the developer warns: “Please note that all IDM extensions that can be found in the Google Store are fake and should not be used”.

Tracing the behavior of the fake IDM extension, the experts found that it urges users to install an executable from a website called Puupnewsapp, which promises to “increase your download speed by up to 500%” and bills itself as a “supersoftware” for downloading games, movies, music and “large files in minutes”.

The downloaded “Windows.zip” contains, besides a valid, signed copy of Tonec’s legitimate IDM, a Node.js JavaScript runtime environment that adjusts the registry settings of Chrome and Firefox. The malware also changes the search engine to the redirector smartWebFinder, which may collect browsing data.