Fake ad blockers used for fraud

Written by:
Lucie Sadler
Date Posted:
19 September 2019
Tech News

Malicious ad-blockers

AdGuard, the well known ad-block extension for browsers, reported that a bug had been found this week in two extensions on the Google Chrome Web Store. The two in question are popular ad-blocking extensions that are downloaded and used by millions of users, but are not authentic. 

Ad-blockers are tools used to block and filter online advertising in a browser or application. Browser extensions are mostly used to ensure ads do not ruin the user’s browsing experience and to stop malicious ads in their tracks. 

Faking it 
The two fake extensions are called AdBlock by AdBlock Inc and uBlock by Charlie Lee, which mimic the names of two real ad-blocking extensions, AdBlock and uBlock Origin. Users have reported them as fake, but Google is yet to take action. 

At first the two ad-blockers did what they were supposed to do, and removed ads from web pages. Both of the malicious blockers were based on the basic code of AdBlock, so it was easy to hoodwink users. Then, after around 55 hours, the extensions began to send out a request to a site which allowed them to receive affiliate links. 

Cookie stuffing
AdGuard suggests that the real purpose of these fake ad blocking extensions is for ‘cookie stuffing’, which is used as an ad fraud scheme. The creators stuff them with affiliate cookies, so that when users visit ecommerce sites such as Amazon to buy something, the creators of the extensions get paid the affiliate commission for the item. 

At present the two ad-blockers have 1.6 million users and are using them to stuff cookies from 300 top websites. AdGuard believe that the creators are making millions of dollars a month in commission from this fraudulent exercise. The owners of the affiliate schemes should be able to be traced to the payment source, which hopefully will uncover the people behind the fake ad-blocking. 

Increasing security
AdGuard has said that they do not believe Google’s proposed plans to increase user security and privacy, as it will not solve the common problem with fake extensions and applications in the Chrome Web Store. They call for Google to put more focus on improving and reviewing submissions to ensure that these malicious extensions do not go live in the store without intensive testing. 

AdGuard recommends that users should only install extensions directly from the developers’ website, rather than from the Chrome store. There is almost no review process for adding extensions, so the likelihood of them being fake is very high.

We advise anyone using the ad blockers mentioned above to remove them immediately and run a full antivirus and system scan on their computer. 

Were you caught out by the fake ad blockers? Let us know by tweeting us @hyve!

Rating: 5.0/5. From 1 vote.
Please wait...
Voting is currently disabled, data maintenance in progress.

Recommended Videos

Find out why Safestore adopted Hyve as their hosting provider

Case Studies

Hyve are 100% carbon neutral. We use carbon offsetting to balance out the release of carbon dioxide from our offices and infrastructure.