These fake ad blockers hid malicious code.
Ad Guard Research reported this:
What if I told you that thanks to poor Chrome’s WebStore moderation the situation is much worse, and in reality over 20,000,000 users are affected and tricked into installing fake malicious ad blockers?…
Now back to the normal language. Here is a list of what this fake ad blocker does.
This code sends back to their server information about some of the websites you visit.
It receives commands from the command center remote server. In order to avoid detection, these commands are hidden inside a harmless-looking image.
These commands are scripts which are then executed in the privileged context (extension’s “background page”) and can change your browser behavior in any way.
Apparently there are several such ad blockers.
Google has removed the ad blockers from its google store.
From Digital Trends:
Google removed a number of fake ad blockers from its Chrome store after an AdGuard researcher discovered that these extensions concealed malicious scripts. The code hidden within these fake ad blocking extensions was used to collect information about a user’s browsing session and to change the browser’s behavior.
Some of these extensions were popular, with one fake ad blocker garnering as many as 10 million downloads. Even the least popular extension, Webutation, had 30,000 downloads.
These malicious ad-blocking extensions merely copied the legitimate ad blocking code from real ad blockers and added its own harmful one.
The malicious code sends the data it collects, including your browsing information, to a remote server. The server then sends a command to an extension that is concealed inside an innocent image, and the commands are executed as scripts to change the way your browser behaves.
To protect yourself, AdGuard recommends that you only download browser extensions from trusted authors and companies. If you don’t know the author, Meshkov recommends skipping the extension. Even if the extension comes from a trusted author, the software could be sold to another party in the future, which could then change the intended use or behavior of the extension.