Following an investigation conducted by internet security experts with AdGuard, Google has removed an assortment of fake and malicious AdBlockers from its Chrome Store, citing how the code hidden within their scripts may have been used to collect unauthorized information from users’ browsing sessions and manipulate the behavior of their browsers.
“All the extensions I’ve highlighted are simple rip-offs with a few lines of code and some analytics code added by the ‘authors,’” said Andrew Meshkov, a security analyst with cybersecurity firm, AdGuard. “Instead of using tricky names they now spam keywords in the extension description trying to make to the top search results.”
Some of the AdBlockers determined to be fake include five-star rated titles like “SuperBlock – AdBlocker” and the ‘trademarked’ “AdRemover for Google Chrome” which has been downloaded some 10 million times before.
Other fake titles include “uBlock – AdBlocker” and the ‘Best Rated AdBlocking Extension’ “SuperBlock Extended: AdBlocker,” which touts over 5 million installs.
How Did They Do It?
As DigitalTrends noted, “These malicious ad-blocking extensions merely copied the legitimate ad blocking code from real ad blockers and added its own harmful one.”
Essentially, the malicious code found in these AdBlocker extensions is capable of sending your information and private browsing data to a remote server, which “sends a command to an extension that is concealed inside an innocent image,” resulting in the command autonomously changing the way Chrome browser functions.
“Basically, this is a botnet composed of browsers infected with the fake AdBlock extensions,” Meshkov wrote, adding that “The browser will do whatever the command center server owner orders it to do.”
Meshkov further noted that since most casual Chrome users will download an extension regardless of its name — so long as it’s close to the top of the list of available options — it’s pretty easy to deceive so many users into downloading them. He noted, however, that all fake AdBlockers identified, which accrued around 20 million downloads combined, have since been removed from the Chrome Store.