1. TechSpot is dedicated to computer enthusiasts and power users. Ask a question and give support. Join the community here.
    TechSpot is dedicated to computer enthusiasts and power users.
    Ask a question and give support.
    Join the community here, it only takes a minute.
    Dismiss Notice

AdGuard reports that 20 million Chrome users have malware infected ad blockers

By Cal Jeffrey · 26 replies
Apr 19, 2018
Post New Reply
  1. On Tuesday AdGuard Research revealed that as many as 20 million Chrome users have been tricked into downloading and installing fake ad blocking extensions.

    According to researchers, the extensions are nothing more than “rip-offs” or clones of legitimate ad blockers that hackers have embedded with malicious code then renamed. They use names similar to popular extensions like “Adblock Plus Premium” and “Adguard Hardline” to get them ranked higher in searches and to fool users into thinking they are additional offerings from famous brands. Even AdGuard itself has been spoofed.

    The company says that there is not much that can be done about these fakes other than filing trademark complaints with Google to have them taken down. However, this takes a few days in which time thousands of people can still download the malware.

    This is a problem because of the five fake extensions that the AdGuard looked at; the least popular one had been downloaded over 30,000 times. Another had been grabbed by unaware users more than 10 million times. All totaled, the five fake extensions have been installed on over 20 million browsers.

    AdGuard notified Google of the bogus extensions and as of today they have been removed from the Chrome Web Store. However, there could still be others floating around. So be warned.

    According to AdGuard’s Andrew Meshkov, the malware collects and sends browsing history and other personal information to a server. The server then sends commands to the browser within a weird, but seemingly innocent image. The browser then executes the scripts contained in the picture.

    “Basically, this is a botnet composed of browsers infected with the fake adblock extensions. The browser will do whatever the command center server owner orders it to do,” said Meshkov.

    I am not even going to pretend that I know how these beasts actually work, but if you are curious, Meshkov did a pretty good write-up on all the technical details on the AdGuard blog.

    The company suggests being careful when looking for an ad blocker and to read descriptions of any extension before downloading. Many hackers tend to spam the product blurb full of keywords to ensure they get a high search rank. Descriptions like this are a dead giveaway that the software is fake.

    Also, check to see that the extension is from a trusted author or company, but be careful. Savvy hackers will sometimes try to spoof a legitimate company’s account authorship by altering it by one letter or punctuation mark. When in doubt, don’t download it.

    Permalink to story.

  2. OutlawCecil

    OutlawCecil TS Guru Posts: 556   +398

    My only comment here: Adguard for Chrome is amazing and everybody should use it. :)
    kombu likes this.
  3. learninmypc

    learninmypc TS Evangelist Posts: 8,581   +558

    I used it till it started letting ads in by the truckload then dumped it for uBlock origin as recommended by another TS poster. Never looked back. :)
  4. regiq

    regiq TS Addict Posts: 203   +80

    alabama man likes this.
  5. kombu

    kombu TS Addict Posts: 50   +103

    I use 4 different ones simultaneously. It's the only way to be sure.
    alabama man likes this.
  6. USAvenger

    USAvenger TS Booster Posts: 88   +89

    I've been using ABP for years but was just reminded of the "Acceptable Ads" crap.

    Ditched in favor of uBlock Origin.
  7. OutlawCecil

    OutlawCecil TS Guru Posts: 556   +398

    I've tested many of them. ABP was great but used too much system resources for my taste. AdGuard was the best balance. ublock was the least resource usage but also failed to block some ads. AdGuard even (sometimes) blocks the ads on Facebook which many others don't even touch.
  8. Hydra9268

    Hydra9268 TS Rookie

    Why would anyone use anything other than Ad Block Plus? I mean seriously.
  9. alabama man

    alabama man TS Guru Posts: 563   +355

    Shame sites still use intrusive ads. Would love to give something back but can't as most of the ads are basically viruses rather than product promoting. Abusing the 10 people left who don't know what adblock is wont keep them up for ever. Governments should block these ads as they are all scams and have no benefit to society, if your product is good it doesn't need ads. If there was some laws against lying or using sex to sell products ads could be redeemed but they are too busy lying to notice people are blocking ads as they make no sense anymore. Product name, picture of product and some info what it does (without lying) should be enough, maybe show logo at some point.

    But why would anyone download adblocker that wasn't in top ten, thus making sure it has no malware?And if you want some less popular one why wont you check it out or get recommendation from a site you trust? Why would anyone think "this 2000 download adblocker seem best" without any non biased info? The larger ones at least get checked by foil hat users if you have no hat to check it out your self.
  10. hood6558

    hood6558 TS Evangelist Posts: 353   +110

    I had something strange happen 2 days ago. A page came up that was supposed to be from Microsoft, wanting me to do something or buy something to rid my computer from the botnet that had just taken over, and it seemed to be locked up on that page. A hard reboot and a boot-time scan later, it was gone. I think I was just surfing reddit when it attacked from some ad banner I clicked on accidentally.
  11. Cycloid Torus

    Cycloid Torus Stone age computing. Posts: 3,671   +1,031

    Sounds to me like Chrome Web Store is broken. If you had a 'store', would you blithely go ahead offering something which harms your customers? Wouldn't you want to be sure it wasn't?
    wiyosaya likes this.
  12. Jim$ter

    Jim$ter TS Booster Posts: 161   +32

    I was thinking the same thing...Sounds like Google is the problem. If they can't control obvious fakes from showing up in their store they need to go back to the drawing board.

    That's why I personally use a iPhone....I wouldn't trust an android for anything...Somethings you need better security and not so "Open". Open, Free, and Cheap sounds good till you find out all your information and voice calls has been transferring to the Russian botnet.
  13. cliffordcooley

    cliffordcooley TS Guardian Fighter Posts: 11,040   +4,758

    I'm glad its working out for you. I wish I cold remember who I saw promoting uBlock Origins. I've been using it ever since. I think it was ABP (not gonna swear to it) I was using before that.
    learninmypc likes this.
  14. regiq

    regiq TS Addict Posts: 203   +80

    "Open" as in open source is the best way to make software secure. This article is one of many examples - if you check the provided link to adguard devs blog, you'll see the source analysis of the malicious addon. It wouldn't be possible with closed source app.
    BTW Android is not really open (device drivers, most of the apps, almost every service it provides - those are closed source).
  15. learninmypc

    learninmypc TS Evangelist Posts: 8,581   +558

    Yes, you are the awesome TS poster I was talking about, many many thanks.(y)
  16. wiyosaya

    wiyosaya TS Evangelist Posts: 3,180   +1,626

    Not a chrome (spyware in sheep's clothing) user and proud of it!
    regiq likes this.
  17. learninmypc

    learninmypc TS Evangelist Posts: 8,581   +558

    I have & use Google Chrome 99.999% of the time & no problems. I use firefox too.
  18. taylor1277

    taylor1277 TS Rookie Posts: 19

    I use Ghostery, it allows me to pause for 30 min. too an hr or more. Web sites are getting clever and knowing you have an ad blocker on they disassemble their websites knowing you are using an adblocker. Ghostery shows me all of the ad trackers they have on their site. if I block all of them the webpage cuts out things like .jpg and other features. it's okay though. I need to read my email, see what it is in each one and then I just turn it back on
  19. Could have been anyone of us (including I) since it's quite the popular ad-blocker.
  20. holdum323

    holdum323 Banned Posts: 1,724   +455

  21. Solar Flair

    Solar Flair TS Enthusiast Posts: 33   +24

    Shouldn't there be mechanism to punish those who submit the malware addon to stop all these kind of stuff?
  22. senketsu

    senketsu TS Guru Posts: 898   +626

    I like Ghostery as well.
  23. wiyosaya

    wiyosaya TS Evangelist Posts: 3,180   +1,626

    uBlock origin works very well even with sites that complain that you are using an ad blocker. In many cases, you can pick the ad-blocking notifications and block them, too!
  24. m3tavision

    m3tavision TS Booster Posts: 110   +66

    That is the thing, END _USER is not liable, it is Google Chrome who is liable. They are the ones who have it up on their platform. It is not like people went to a website on their own, Chrome guided/listed those apps for them.

    Chrome/Google is responsible.
    cliffordcooley likes this.
  25. Cycloid Torus

    Cycloid Torus Stone age computing. Posts: 3,671   +1,031

    Not sure about that. If broken, is broken. IANAL, however, contract is TOS. Probably says if you use web store you do at your risk. So maybe not liable, but just broken and stupid.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...