Fake Chrome LastPass extension leads to unwanted installs

A fake LastPass extension has been found lurking on the Chrome Web Store, offering promises of free and easy password management, but instead taking users for a ride involving website redirections, deceptive ads, and potentially unwanted toolbars.

Inexperienced users are likely to fall for the scheme and download the fake extension as the publisher has perfectly replicated the page offering the legitimate one:

The download numbers say that over 1,800 users were tricked into downloading the fake plugin, as they either didn’t notice or didn’t care that the publisher is not “Lastpass.com” but “AdGetBlock,” and the extension has a poor rating due to many users leaving comments warning about its bogus nature.

Once they installed the fake plugin and ran it, they were redirected to a site that offered a link to download the real LastPass app, “buried” between ads and deceptive download buttons – the only link that leads to the real LastPass is contained in the microscopic “Click here if download doesn’t start automatically” sentence:

The big and obvious download buttons are much more likely to be clicked on, and lead users to a site offering the free download of EasyDocMerge – an app that apparently helps with merging files, offers access to services to convert files to different formats, but also conveniently replaces the default home page, changes search engine preferences, and shows a slew of unwanted ads on websites the user visits. In short, it’s a “browser hijacker.”

Thankfully, Google has already removed the fake LastPass offering from the Chrome Web Store. But those who have installed the fake extension and EasyDocMerge have to remove it from their browsers themselves.

To do that, open the browser, go to Tools > Settings > Extensions, and delete the EasyDocMerge entry. This is also a good time to check the other entries and remote any other that you yourself haven’t installed for a specific reason.