Picture this scenario: A software developer creates a great program and it gets lots of excellent reviews. Lots of people install it and find it useful.
Years pass and the developer becomes tired of updating it and has had enough. They decide to get rid of it and instead of shutting it down, they decide to sell it instead.
Someone new takes over the software and adds adware or even malware, then pushes it out to people as an update. Because it is trusted software, everyone installs it and consequently becomes infected with the adware or malware.
This does actually happen and recently a Chrome extension was found to be redirecting people to a really bad website containing malware or adware whenever they tried to perform a search. The full story is on The Register and it appears that the original extension author sold the program several weeks ago.
This is not an isolated incident and it happens elsewhere, not just with Chrome extensions. It has happened to WordPress plugins and website owners have updated their plugins only to find that they have now been infected with malware or are exposed to hackers.
What can you do about it? Nothing really, apart from keeping your eyes and ears open for news of this sort of thing and uninstalling the extension, app or plugin immediately.
© 2019 R.A.Waddilove