Report: Over 20M Chrome Users Downloaded Fake Ad Blockers


Counterfeit versions and knockoffs of trusted programs exist in just about every space of computing, and a report from AdGuard states that more than 20 million users were fooled by one particular variant of this trend; fake and malicious ad blockers in Chrome's Web Store. In most cases, these extensions are simply outright imitations of more well-known options with a few extra lines of code and a fresh coat of paint, meant to do nothing more malicious than mislead users and garner undeserved downloads by stealing the work of others. Some ad blockers in the Web Store, however, inject malicious code into their processes that can escalate their privileges and open the door for them to manipulate a user's browser in just about any way that they want. To make matters worse, five of those aren't even ripoffs, but completely original works. That list includes AdRemover For Google Chrome, uBlock Plus, Adblock Pro, HD for YouTube, and Webutation.

Being duped by an ad blocker that's stolen source code from another program that a team or individual worked hard on may be bad for the makers of ad blocking extensions, but it doesn't affect the user much. Ad blockers that inject potentially malicious code, however, can wreak havoc on a user's browsing experience and even their system, if the user is not vigilant. The way that most of these work is similar or even entirely the same, according to AdGuard. The exploit works by inserting a call to a command server into the commonly used and mostly benevolent jQuery Javascript library. From there, command instructions are inserted covertly into an image asset, which is never actually seen by the user in most cases. This means that the command server could send any code they want, and as long as it falls within Chrome's sandboxing, it should, in theory, execute without any issues, since the user has granted the extension permission to operate.

Most of these extensions appear perfectly safe and inert, and for the most part, you have to actually look into the code to tell you're dealing with something potentially malicious. Obviously, that's not something that the average user will or even can do in most cases. As such, the best way to protect yourself is to see who the author of a given extension is, and only install extensions made by authors that you trust. If you can't find an author you trust for a type of extension that you want to download, doing a quick Google search for the names of different extension authors should quickly tell you who is a reputable programmer or company and who is either well-known as being untrustworthy, or who is a no-name that shouldn't be trusted above recognized names.


Share this page

Copyright ©2018 Android Headlines. All Rights Reserved.

This post may contain affiliate links. See our privacy policy for more information.
Senior Staff Writer

Daniel has been writing for Android Headlines since 2015, and is one of the site's Senior Staff Writers. He's been living the Android life since 2010, and has been interested in technology of all sorts since childhood. His personal, educational and professional backgrounds in computer science, gaming, literature, and music leave him uniquely equipped to handle a wide range of news topics for the site. These include the likes of machine learning, Voice assistants, AI technology development news in the Android world. Contact him at [email protected]

View Comments