AdGuard reports that 20 million Chrome users have malware-infected ad blockers

Cal Jeffrey

On Tuesday, AdGuard Research revealed that as many as 20 million Chrome users have been tricked into downloading and installing fake ad-blocking extensions.

According to researchers, the extensions are nothing more than “rip-offs” or clones of legitimate ad blockers that hackers have embedded with malicious code then renamed. They use names similar to popular extensions like “Adblock Plus Premium” and “Adguard Hardline” to get them ranked higher in searches and to fool users into thinking they are additional offerings from famous brands. Even AdGuard itself has been spoofed.

The company says that there is not much that can be done about these fakes other than filing trademark complaints with Google to have them taken down. However, this takes a few days, during which time thousands of people can still download the malware.

This is a problem because, of the five fake extensions that AdGuard looked at, the least popular one had been downloaded over 30,000 times. Another had been grabbed by unaware users more than 10 million times. All told, the five fake extensions have been installed on over 20 million browsers.

AdGuard notified Google of the bogus extensions and as of today they have been removed from the Chrome Web Store. However, there could still be others floating around. So be warned.

According to AdGuard’s Andrew Meshkov, the malware collects and sends browsing history and other personal information to a server. The server then sends commands to the browser within a weird, but seemingly innocent image. The browser then executes the scripts contained in the picture.

“Basically, this is a botnet composed of browsers infected with the fake adblock extensions. The browser will do whatever the command center server owner orders it to do,” said Meshkov.

I am not even going to pretend that I know how these beasts actually work, but if you are curious, Meshkov did a pretty good write-up on all the technical details on the AdGuard blog.

The company suggests being careful when looking for an ad blocker and reading the description of any extension before downloading it. Many hackers tend to spam the product blurb full of keywords to ensure they get a high search rank. Descriptions like this are a dead giveaway that the software is fake.

Also, check to see that the extension is from a trusted author or company, but be careful. Savvy hackers will sometimes try to spoof a legitimate company’s account authorship by altering it by one letter or punctuation mark. When in doubt, don’t download it.

 
I've tested many of them. ABP was great but used too much system resources for my taste. AdGuard was the best balance. ublock was the least resource usage but also failed to block some ads. AdGuard even (sometimes) blocks the ads on Facebook which many others don't even touch.
 
Shame sites still use intrusive ads. Would love to give something back but can't as most of the ads are basically viruses rather than product promoting. Abusing the 10 people left who don't know what adblock is won't keep them up forever. Governments should block these ads as they are all scams and have no benefit to society, if your product is good it doesn't need ads. If there were some laws against lying or using sex to sell products ads could be redeemed but they are too busy lying to notice people are blocking ads as they make no sense anymore. Product name, picture of product and some info what it does (without lying) should be enough, maybe show logo at some point.

But why would anyone download adblocker that wasn't in top ten, thus making sure it has no malware? And if you want some less popular one why won't you check it out or get recommendation from a site you trust? Why would anyone think "this 2000 download adblocker seem best" without any non biased info? The larger ones at least get checked by foil hat users if you have no hat to check it out yourself.
 
I had something strange happen 2 days ago. A page came up that was supposed to be from Microsoft, wanting me to do something or buy something to rid my computer from the botnet that had just taken over, and it seemed to be locked up on that page. A hard reboot and a boot-time scan later, it was gone. I think I was just surfing reddit when it attacked from some ad banner I clicked on accidentally.
 
Sounds to me like Chrome Web Store is broken. If you had a 'store', would you blithely go ahead offering something which harms your customers? Wouldn't you want to be sure it wasn't?
 
I was thinking the same thing...Sounds like Google is the problem. If they can't control obvious fakes from showing up in their store they need to go back to the drawing board.

That's why I personally use an iPhone....I wouldn't trust an android for anything...Somethings you need better security and not so "Open". Open, Free, and Cheap sounds good till you find out all your information and voice calls have been transferring to the Russian botnet.
 
I used it till it started letting ads in by the truckload then dumped it for uBlock origin as recommended by another TS poster. Never looked back. :)
I'm glad it's working out for you. I wish I could remember who I saw promoting uBlock Origin. I've been using it ever since. I think it was ABP (not gonna swear to it) I was using before that.
 
"Open" as in open source is the best way to make software secure. This article is one of many examples - if you check the provided link to the AdGuard devs' blog, you'll see the source analysis of the malicious addon. It wouldn't be possible with a closed source app.
BTW Android is not really open (device drivers, most of the apps, almost every service it provides - those are closed source).
 
Yes, you are the awesome TS poster I was talking about, many many thanks.(y)
 
I use Ghostery, it allows me to pause for 30 min. to an hr or more. Web sites are getting clever and knowing you have an ad blocker on they disassemble their websites knowing you are using an adblocker. Ghostery shows me all of the ad trackers they have on their site. If I block all of them the webpage cuts out things like .jpg and other features. It's okay though. I need to read my email, see what it is in each one and then I just turn it back on.
 
Could have been any one of us (including I) since it's quite the popular ad-blocker.
 
uBlock origin works very well even with sites that complain that you are using an ad blocker. In many cases, you can pick the ad-blocking notifications and block them, too!
 
That is the thing, END_USER is not liable, it is Google Chrome who is liable. They are the ones who have it up on their platform. It is not like people went to a website on their own, Chrome guided/listed those apps for them.

Chrome/Google is responsible.
 
Not sure about that. If broken, is broken. IANAL, however, contract is TOS. Probably says if you use web store you do at your risk. So maybe not liable, but just broken and stupid.
 