Skip to main content

20 million Chrome users are fooled into downloading fake ad blockers

Google removed a number of fake ad blockers from its Chrome store after an AdGuard researcher discovered that these extensions concealed malicious scripts. The code hidden within these fake ad blocking extensions was used to collect information about a user’s browsing session and to change the browser’s behavior.

Some of these extensions were popular, with one fake ad blocker garnering as many as 10 million downloads. Even the least popular extension, Webutation, had 30,000 downloads.

These malicious ad-blocking extensions merely copied the legitimate ad blocking code from real ad blockers and added its own harmful one.

“All the extensions I’ve highlighted are simple rip-offs with a few lines of code and some analytics code added by the ‘authors,’” AdGuard’s Andrew Meshkov wrote. “Instead of using tricky names they now spam keywords in the extension description trying to make to the top search results.”

Given that most casual users don’t really pay attention to the name of an extension as long as it was somewhere near the top of their search results, it’s easy to deceive a large number of Chrome users to download fake ad blockers. Combined, all five of the flagged — and now removed — ad blockers generated 20 million downloads, according to AdGuard.

“Basically, this is a botnet composed of browsers infected with the fake adblock extensions. The browser will do whatever the command center server owner orders it to do,” he wrote.

The malicious code sends the data it collects, including your browsing information, to a remote server. The server then sends a command to an extension that is concealed inside an innocent image, and the commands are executed as scripts to change the way your browser behaves.

To protect yourself, AdGuard recommends that you only download browser extensions from trusted authors and companies. If you don’t know the author, Meshkov recommends skipping the extension. Even if the extension comes from a trusted author, the software could be sold to another party in the future, which could then change the intended use or behavior of the extension.

If you’re looking for an ad block, be sure to check out our list of recommendations for some of the best ad blocking extensions.

Editors' Recommendations

Chuong Nguyen
Silicon Valley-based technology reporter and Giants baseball fan who splits his time between Northern California and Southern…
1.5% of Chrome users’ passwords are known to be compromised, according to Google
A password screen with an indecipherable password inputted.

1.5% of passwords used in Chrome are unsafe and have been released in data breaches, according to new information from Google.

In February, a new feature was introduced to the Google Chrome browser which checks whether users' passwords are secure. Password Checkup is a free download that scans a database of 4 million compromised passwords and informs users if their password is among them and they need to change it. The database of passwords is collated from known third-party data breaches and when a user enters their password, it is checked against the list.

Read more
Everyone’s mad about Google blocking ad blockers in Chrome. Here’s why
Google Chrome photo

An ad-free web browsing experience may only be available to those willing to pay for it.

At least, that appears to be the future waiting for Google Chrome. In a recent update, Google has moved to hamper Chrome’s ad-blocking capabilities, while also announcing that the deprecation of that feature will not apply to Google’s paid G Suite Enterprise subscribers.

Read more
Spotify could terminate accounts of listeners using ad blockers
The Spotify app icon on a smartphone.

Bad news for those who use an ad blocker to get rid of the famously annoying adverts on Spotify -- the company has updated its Terms of Service to explicitly ban ad blockers. And there are potentially serious consequences in place for users found circumventing the rules, including suspending or terminating your account.

According to the new Terms of Service, "circumventing or blocking advertisements in the Spotify Service, or creating or distributing tools designed to block advertisements in the Spotify Service" is prohibited. This is in addition to previous anti-ad blocker methods employed by the company, like detection measures to pinpoint users who are manipulating their streams.

Read more