Do you have a fake ad blocker installed in Chrome?

These fake ad blockers hid malicious code.

AdGuard Research reported this:

What if I told you that thanks to poor Chrome’s WebStore moderation the situation is much worse, and in reality over 20,000,000 users are affected and tricked into installing fake malicious ad blockers?…

Now back to the normal language. Here is a list of what this fake ad blocker does.

It hides malicious code inside a well-known JavaScript library (jQuery).
This code sends back to their server information about some of the websites you visit.
It receives commands from the command center remote server. In order to avoid detection, these commands are hidden inside a harmless-looking image.
These commands are scripts which are then executed in the privileged context (extension’s “background page”) and can change your browser behavior in any way.

Apparently there are several such ad blockers.

Google has removed the ad blockers from the Chrome Web Store.

From Digital Trends:

Google removed a number of fake ad blockers from its Chrome store after an AdGuard researcher discovered that these extensions concealed malicious scripts. The code hidden within these fake ad blocking extensions was used to collect information about a user’s browsing session and to change the browser’s behavior.

Some of these extensions were popular, with one fake ad blocker garnering as many as 10 million downloads. Even the least popular extension, Webutation, had 30,000 downloads.

These malicious ad-blocking extensions merely copied the legitimate ad blocking code from real ad blockers and added their own harmful code.

The malicious code sends the data it collects, including your browsing information, to a remote server. The server then sends a command to an extension that is concealed inside an innocent image, and the commands are executed as scripts to change the way your browser behaves.

To protect yourself, AdGuard recommends that you only download browser extensions from trusted authors and companies. If you don’t know the author, Meshkov recommends skipping the extension. Even if the extension comes from a trusted author, the software could be sold to another party in the future, which could then change the intended use or behavior of the extension.
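
The two descriptions above (code hidden inside jQuery, and received scripts run in the background page) suggest a check you can run on an unpacked extension. The Node.js sketch below is an added example, not code from AdGuard, Digital Trends or this post. It assumes a Manifest V2 extension and that you supply the SHA-256 of the official jQuery release yourself; the function names and all sample data are constructed for illustration.

```javascript
const { createHash } = require("crypto");
const fs = require("fs");
const path = require("path");

const sha256 = (text) => createHash("sha256").update(text, "utf8").digest("hex");

// Read the .js/.json files of an unpacked extension into { "relative/path": text }.
function readExtension(dir, base = dir, out = {}) {
  for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
    const full = path.join(dir, entry.name);
    const rel = path.relative(base, full).split(path.sep).join("/");
    if (entry.isDirectory()) readExtension(full, base, out);
    else if (/\.(js|json)$/.test(entry.name)) out[rel] = fs.readFileSync(full, "utf8");
  }
  return out;
}

// knownGood maps "jquery@<version>" to the SHA-256 of the official release file.
function auditExtension(files, knownGood) {
  const findings = [];
  const manifest = JSON.parse(files["manifest.json"] || "{}");
  const bgScripts = (manifest.background && manifest.background.scripts) || [];
  // Manifest V2: evaluating script text in the background page needs 'unsafe-eval'.
  const csp = manifest.content_security_policy;
  if (typeof csp === "string" && csp.includes("'unsafe-eval'")) {
    findings.push({ file: "manifest.json", issue: "csp-allows-eval" });
  }
  for (const [file, text] of Object.entries(files)) {
    // Minified and full jQuery builds both state their version in the banner.
    const banner = /jQuery (?:JavaScript Library )?v(\d+\.\d+\.\d+)/.exec(text.slice(0, 400));
    if (!banner) continue;
    const expected = knownGood[`jquery@${banner[1]}`];
    const issue = !expected ? "no-reference-hash" : sha256(text) === expected ? null : "modified-library";
    if (issue) findings.push({ file, issue, version: banner[1], inBackground: bgScripts.includes(file) });
  }
  return findings;
}

// Constructed sample: a stand-in "release" file and a copy with extra code appended.
const CLEAN = "/*! jQuery v3.3.1 | (c) JS Foundation and other contributors */\n/* stand-in body */";
const SAMPLE = {
  "manifest.json": JSON.stringify({
    manifest_version: 2,
    background: { scripts: ["lib/jquery.min.js", "bg.js"] },
    content_security_policy: "script-src 'self' 'unsafe-eval'; object-src 'self'",
  }),
  "lib/jquery.min.js": CLEAN + "\n/* constructed: appended code */",
  "ui/jquery.min.js": CLEAN,
  "bg.js": "/* constructed */",
};
const KNOWN_GOOD = { "jquery@3.3.1": sha256(CLEAN) }; // real use: hash of the official file
console.log(auditExtension(SAMPLE, KNOWN_GOOD));
```

For a real extension, pass `readExtension("<unpacked extension directory>")` as the first argument. A `modified-library` finding with `inBackground: true` means a changed copy of jQuery is loaded into the extension's privileged page.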

Good luck.


11 thoughts on “Do you have a fake ad blocker installed in Chrome?”

  1. Google has removed them from the store and has been removing them remotely (which they have the ability to do). Meshkov (the guy who wrote the original AdGuard article) has stated they seem to be done with the removal.

  2. Thank you for the heads up.

    I just upgraded to Chrome 66 and am now having issues with Malwarebytes (which just disappeared from my icon tray).

    I also read about Chrome removing trust in Symantec certificates older than some time in 2016.

    Keeping our computers working properly is definitely an iterative process (grin).

    1. Browsers collect history.

      Don’t be concerned about the browsers – be concerned about your ISP. They see everything, incognito window or not, and are quite liberal with what they do with it.

      You can use an alternate DNS address. The relatively new 1.1.1.1 is fast and has been getting good reviews for security.

    2. An alternate DNS would still have to first connect thru the ISP, though it could complicate getting a history.

      Browsers collect history, but not all of them send this history to the mothership.

  3. >The malicious code sends the data it collects, including your browsing information, to a remote server.

    Doesn’t Chrome do this?

  4. Chrome does what essentially every browser does.
    https://www.google.com/intl/en/chrome/browser/privacy/

    Being concerned about personal data is good. Thinking that Google sells the data (which I think is behind mikeN’s comment) is simply foolish: it’s more valuable to them internally than that, and it’s easy to find out what they do with your stuff. The point of the “malware” concern is that, like Cambridge Analytica, the folks who get your data have no qualms about doing anything with it.

    1. I wasn’t thinking of Google selling the data, just that they collect it. This is not the same as all browsers. Google collects your browsing history if you are signed in. I am skeptical that this is not done when you are not signed in.

  5. There is an outfit called “Duck Duck Go” that says that they don’t collect any browsing history while you are using them. Some of you more computer literate than I am will probably be better able to evaluate that claim and its relative utility.
