More than 20 million Chrome users installed fake malicious Ad Blockers

Share this…

Ad Blockers hurt the earnings of a website at the same time it lets users browse the Internet without the hassle of closing irritating popup ads and getting redirected to scammy sites that bombard users with spam during the process.

Google, on the other hand, is home to some of the most innovative applications and products but at the same time, the technology giant is poor at keeping them secure from malware and other malicious attacks, information security experts said. The same goes for its Chrome browser that is being used by over 1 billion people on desktop and Android devices.

chrome-ad

In a report, information security researchers at Adguard software Limited have revealed that Google’s Chrome browser is a hub to tons of fake extensions especially malicious Ad Blockers. So much so that currently, according to Adguard, there are more than 20 million Chrome users who have installed fake Ad Blocker extensions on their browser – Thanks to poor security implementation by whoever monitors Chrome’s WebStore.

One of the examples of how these fake extensions have become a part of our online life is the “AdRemover for Google Chrome” extension with over 10 million users. On further inspection, Adguard researchers discovered two .txt files containing obfuscated scripts keeping a track of every request made by the unsuspected victim’s browser.

Adguard information security researchers have labeled it as a “natural botnet” comprised of millions of infected browsers that can be or already being used to steal personal data of Chrome users and sending it to command and control center (C&C) by hiding its attack inside the harmless-looking image.

“This hidden script was listening to every request made by your browser and compared with md5(url + “%Ujy%BNY0O”) the list of signatures loaded from coupons.txt. When the said signature was hit, it loaded an iframe from the domaing.qyz.sx passing information about the visited page and then re-initialized the extension. For instance, one of these signatures corresponded to https://www.google.com/,” researchers noted.

Nevertheless, there are four other fake Adblockers on Chrome Webstore currently following the same path as AdRemover for Google Chrome extension.

chrome fake

  • Webutation (Currently installed by more than 30,000 users)
  • HD for YouTube (Currently installed by more than 400,000 users)
  • Adblock Pro (Currently installed by more than 2 million users)
  • uBlock Plus (Currently installed by more than 8 million users)
  • AdRemover for Google Chrome (Currently installed by more than 10 million users)

Adguard information security experts has already informed Google about the presence of malicious Adblockers on Chrome Webstore however at the time of publishing all above-listed extensions were still available for installation. Therefore, if you are using any of these Adblockers it is advised to get rid of them right now.