Follow The Safe Mac on Twitter to stay advised of the latest Mac security news!
Posted on June 19th, 2014 at 7:55 AM EDT
One of my readers was recently having problems with advertisements being injected into web pages, and none of my ad removal instructions or my Adware Removal Tool helped. After almost a week of working on the problem, it turned out to be caused by one particular Safari extension: Awesome Screenshot. Of course, this led to a whole new kind of investigation!
I visited the Awesome Screenshot website, which is extremely polished and professional-looking. It also seems to be quite respectable… it can be found on Apple’s Safari Extensions page, has been rated 4 out of 5 stars on the Mozilla add-ons page, and in the Chrome web store it has been given 4.5 out of 5 stars by more than 35,000 people. This seems like something that should be okay, especially since I couldn’t duplicate the ads when testing in a controlled environment. However, there was no arguing with the results my reader had.
So, I began to dig a little deeper. I started by examining the source code for the Awesome Screenshot Safari extension. I’m hardly an expert at analyzing Safari extension source code, but it didn’t take long to find some very concerning things.
This was concerning, but wasn’t proof of anything, since the function of this code was so thoroughly hidden. However, I then found a set of scripts that seemed to belong to a company called Presto Savings. This code has a number of functions that inject code into web pages… something that a simple screenshot extension should not be doing.
The Awesome Screenshot site does not indicate anywhere that advertising is going to be used, nor does the description on Apple’s Safari Extensions site. On the Chrome web store, the description also does not mention advertising, although it does make a vague reference to an “optional search enhancement feature,” of which the developer says, “Since many users don’t like it, we remove this feature.”
The only place where the developers reveal this behavior is on the Mozilla add-ons page, where the description of the extension includes the following:
This extension also integrate some additional features such as “Discover Similar Sites” and “Price Comparison While You Shop.” These are value-added features, and definitely are not “Malware” or “Adware” as some may mistakenly believe. Please also note that these features are disabled by default unless you enable them.
Most users would not agree that these are “value-added” features, and it’s clearly not the case that all these features are disabled by default in Safari, at least, where the “price comparison” feature is enabled by default:
In all, if the Awesome Screenshot website had owned up to its advertising ways right up front, I’d have had no problem with it. If a user wants to knowingly install a program that has a setting to allow ad injection, that’s his or her business, not mine. However, when a program’s website does not make any mention of ad injection, and the injection is turned on by default, that’s enough for me to classify this as adware. I have, therefore, updated my Adware Removal Tool to find and remove Awesome Screenshot.