Popular Chrome image viewing plugin HoverZoom infected with malware

posted Wednesday, December 18, 2013 at 2:04 PM EDT

HoverZoom is a popular plugin for Google Chrome that enlarges thumbnails on mouseover, so you can see large images on Flickr or Tumblr without having to click through to each. But the plugin was just updated, and according to a post on Reddit, it's now infected with malware.

Reddit user Kruithne spotted the change, and explained in his post:

The HoverZoom extension appears to be injecting malware scripts into every page you visit. On a brief look over the scripts they appear to be storing information regarding the websites you visit along with data from specific fields on the page. The scripts query the malware site and download any required targeted scripts for the website you are viewing.

In other words, it can capture what you're typing or doing on any site you visit — which is potentially a major problem. It seems this specific code is new to this version of HoverZoom, but it's not the first time they've been accused of similar indiscretions. There was a similar case in March of this year, where it was even spotted inserting affiliate links into Amazon clicks — and that situation led to the creation of HoverFree, an alternative to HoverZoom, which has since been replaced by Imagus.

HoverZoom is an extremely popular plugin, with more than one million users, and while the more recent reviews on the Chrome Web Store now point out its problems, the sheer weight of numbers still gives it 4.5/5 stars. If you're using it, now would probably be a good time to stop.