UPDATED 21:51 EDT / APRIL 18 2018

APPS

20M+ Chrome users exposed to fake data-stealing ad blockers

More than 20 million Google Chrome users may be using fake ad blocking software.

That’s apparent after a security researcher found five examples that while actually blocking ads as advertised, stole user information and manipulated web browsing instead.

The discovery, made by AdGuard Software Ltd. researcher Andrey Meshkov Tuesday, involved fake ad blocking Chrome extensions that used code stolen from legitimate ad blocking services, such as AdGuard itself, bundled with additional nefarious code.

That code varied among the fake ad blockers, but in the most prominent example included text files with obfuscated scripts that could keep track of every request made by the victim, as well as the ability to communicate with a command-and-control server to send data back to the browser.

Fake extensions and applications are not a new problem, as is seen time and again when it comes to Android apps. Where this incident differs is the success of those behind the fake Chrome extensions not only to have them listed but also to get them into the top positions in the Chrome Web Store search results.

Explaining that while previously those behind malicious apps in the Chrome Web Store would usually use other companies names, Meshkov said that they have “got smarter now” in that “instead of using tricky names they now spam keywords in the extension description trying to make to the top search results. Apparently, being in the top is enough to gain trust of casual users.”

The most popular app, named AdRemover for Google Chrome™ (with the trademark tag for added legitimacy) had been downloaded more than 10 million times, while the next two fake apps came in at 8 million-plus and 2 million-plus installations each.

Google moved promptly to remove the malicious apps from the Chrome Web Store. But the mere fact they were not only listed but ended up being the top rated results, rightfully raises questions about Google’s filter process for the store.

“With the current state of things, surfing through the Chrome’s Web Store is like walking through a minefield,” Meshkov concluded. “So here’s my advice: If you want to install an extension, think twice. And then think twice again.”

Image: AdGuard

Since you’re here …

… We’d like to tell you about our mission and how you can help us fulfill it. SiliconANGLE Media Inc.’s business model is based on the intrinsic value of the content, not advertising. Unlike many online publications, we don’t have a paywall or run banner advertising, because we want to keep our journalism open, without influence or the need to chase traffic.The journalism, reporting and commentary on SiliconANGLE — along with live, unscripted video from our Silicon Valley studio and globe-trotting video teams at theCUBE — take a lot of hard work, time and money. Keeping the quality high requires the support of sponsors who are aligned with our vision of ad-free journalism content.

If you like the reporting, video interviews and other ad-free content here, please take a moment to check out a sample of the video content supported by our sponsors, tweet your support, and keep coming back to SiliconANGLE.

Cookies

We employ the use of cookies. Find out more.