20+ Million Chrome users affected by Fake Ad-Blockers with Malicious Code

I

Ink

Administrator
Thread author
Verified
Jan 8, 2011
22,490
Content source
https://blog.adguard.com/en/over-20-000-000-of-chrome-users-are-victims-of-fake-ad-blockers/
Adguard Blog: Over 20,000,000 of Chrome Users are Victims of Fake Ad Blockers
Given how popular ad blocking is, it is quite a lot. This also explains why "cloning" wide-spread ad blockers has become so popular among online crooks. Seven months ago big news broke: 37,000 users were tricked into installing a fake Adblock Plus extension.

What if I told you that thanks to poor Chrome's WebStore moderation the situation is much worse, and in reality over 20,000,000 users are affected and tricked into installing fake malicious ad blockers?
Click to expand...

AdRemover's Summary
Now back to the normal language. Here is a list of what this fake ad blocker does.
  1. It hides malicious code inside a well-known javascript library (jQuery).
  2. This code sends back to their server information about some of the websites you visit.
  3. It receives commands from the command center remote server. In order to avoid detection, these commands are hidden inside a harmless-looking image.
  4. These commands are scripts which are then executed in the privileged context (extension's "background page") and can change your browser behavior in any way.
Basically, this is a botnet composed of browsers infected with the fake adblock extensions. The browser will do whatever the command center server owner orders it to do.

I have scanned other extensions on the WebStore and found four more using the very same approach. By the way, two of them are not fake ad blockers, and nothing pointed to them being malicious until I checked the code.
Here is the full list.
Update: UPD (18.04.2018, 13:17 GMT+3): All five are taken down.
 
  • Like
Reactions: CyberTech, ZeroDay, LASER_oneXM and 3 others
mekelek

mekelek

Level 28
Verified
Well-known
Feb 24, 2017
1,661
now those numbers are frightening, took so long to actually spot it is even more frightening.
 
  • Like
Reactions: ZeroDay
You must log in or register to reply here.

Similar threads

Gandalf_The_Grey
    • Like
    • Thanks
Introducing PCVARK and their malicious ad blockers
Replies
1
Views
1,442
News Archive
Antig
Antig
Gandalf_The_Grey
    • Like
    • Hundred Points
    • Applause
Technology AdGuard Blog: Protecting privacy is one of the top reasons why people use ad blockers — survey
Replies
2
Views
395
Technology News
oldschool
oldschool
vtqhtr413
    • Sad
    • Wow
    • Thanks
Technology Google Chrome change that weakens ad blockers begins June 3rd
Replies
1
Views
559
Technology News
nicolaasjan
nicolaasjan

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top