Over 20 million Chrome users have installed fake malicious Ad Blockers

Ad Blockers play a vital role in hurting the earnings of a website at the same time it lets users browse the Internet without the hassle of closing irritating popup ads and getting redirected to scammy sites that bombard users with spam during the process.

Google, on the other hand, is home to some of the most innovative applications and products but at the same time, the technology giant is poor at keeping them secure from malware and other malicious attacks. The same goes for its Chrome browser that is being used by over 1 billion people on desktop and Android devices.

In a startling report, researchers at Adguard software Limited have revealed that Google’s Chrome browser is a hub to tons of fake extensions especially malicious Ad Blockers. So much so that currently, according to Adguard, there are more than 20 million Chrome users who have installed fake Ad Blocker extensions on their browser – Thanks to poor security implementation by whoever monitors Chrome’s WebStore.

One of the prime examples of how these fake extensions have become a part of our online life is the “AdRemover for Google Chrome” extension with over 10 million users. On further inspection, Adguard researchers discovered two .txt files containing obfuscated scripts keeping a track of every request made by the unsuspected victim’s browser.

Adguard researchers have labeled it as a “natural botnet” comprised of millions of infected browsers that can be or already being used to steal personal data of Chrome users and sending it to command and control center (C&C) by hiding its attack inside the harmless-looking image.

“This hidden script was listening to every request made by your browser and compared with md5(url + "%Ujy%BNY0O") the list of signatures loaded from coupons.txt. When the said signature was hit, it loaded an iframe from the domaing.qyz.sx passing information about the visited page and then re-initialized the extension. For instance, one of these signatures corresponded to https://www.google.com/,” noted researchers.

Nevertheless, there are four other fake Adblockers on Chrome Webstore currently following the same path as AdRemover for Google Chrome extension. The list of all fake malicious Adblockers is available below:

Over 20 million Chrome users have installed fake malicious Ad Blockers
Screenshot credit: Adguard

Adguard has already informed Google about the presence of malicious Adblockers on Chrome Webstore however at the time of publishing all above-listed extensions were still available for installation. Therefore, if you are using any of these Adblockers it is advised to get rid of them right now. 

For more technical details visit Adguard’s blog post.

Not for the first time

This is not the first time when scammers have placed fake Adblocker extension on the Chrome Webstore. In October 2017, 37,000 users were tricked into downloading fake Adblock Plus extension. Moreover, In August last year, 7 Chrome extensions were compromised by hackers to conduct malvertising campaign while Google’s security made a laughing stock of itself.

Update: 

Google has removed all fake Adblockers identified and reported by Adguard.

Note:

We at HackRead employ over 10 writers and serve millions of readers a month – but we can not do that for free. We have made a point of never allowing auto-playing videos or ads that obscure content. Please support us by whitelisting https://www.hackread.com/. Thank you!

Waqas

Waqas Amir is a Milan-based cybersecurity journalist with a passion for covering latest happenings in cyber security and tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.