storm troopers

ad blockers

Google has recently killed five top-ranking ad blockers after AdGuard published a report that indicated they’re fake extensions.  What might be the worst part is that the fake extensions are loaded with extra code that harvest information on the websites that you visit.  So they’re tracking you and not actually blocking the ads.  The ad blockers apparently send the data that they’ve collected to remote servers in order to manipulate Chrome’s behavior.  AdGuard describes it as, “a botnet composed of browsers infected with the fake ad block extensions.  The browser will do whatever the command center server owner orders it to do.”  This is really bad, don’t you think?

Fake ad blockers aren’t new.  They’ve been around since 2017, at least.  Last year 37,000 people installed a fake AdBlock Plus created by a fraudulent developer who clones popular name and spams keywords.  Again, this is really bad.  Like that AdBlock Plus imposter, the ones AdGuard discovered also spammed keywords to get to the top of the search results.  Their creators simply ripped off legitimate extensions and added a few lines of malicious code hidden inside images.  They didn’t even come up with creative names for their fake products.

ad blocker

My concern with this is that it’s being allowed.  I realize that Google has pulled them from the Chrome store, but how did they get there in the first place?  How are these kinds of extensions allowed to be created?  I think that this is a big issue, especially in today’s world where we have to be careful about who has our data and how it’s being used.  It feels like we have to be extremely diligent with everything that we do online now.  Much like what Facebook did to millions of users, it feels like we are being duped.  And it’s not like these things aren’t available for the taking. And they are.  Users don’t want to scroll through lists of hundreds of ad blockers, so they grab one from the top of the list.

According to AdGuard, the fake ad blockers managed to trick over 20 million users into installing them. So, how can you avoid fake extensions going forward? AdGuard says the best way to protect yourself is to check an extension’s author and making sure that it’s a company you can trust.  What does a typical fake ad blocker do, exactly?

ad blocker

  1. It hides malicious code inside a well-known javascript library (jQuery).
  2. This code sends back to their server information about some of the websites you visit.
  3. It receives commands from the command center remote server. In order to avoid detection, these commands are hidden inside a harmless-looking image.
  4. These commands are scripts which are then executed in the privileged context (extension’s “background page”) and can change your browser behavior in any way.

 

According to AdGuard, the following ad blockers were found to use this malicious approach:

  • AdRemover for Google Chrome
  • uBlock Plus
  • Adblock Pro
  • HD for YouTube
  • Webutation

If you’ve used any of these adblockers, you should remove them immediately.  Like I said, this is an incredibly horrible thing to do.  Between this, and what Facebook has done, many people are going to think twice about downloading extensions or even participating in online platforms.

One thought on “Fake Google Chrome Ad Blockers Could Put You and Your Data at Risk”

Comments are closed.