Advertising blockers are popular and hackers are far from ignoring it. After looking at the operation of widely used Web extensions, the co-founder of adblocker AdGuard , Andrey Meshkov, noticed the presence of malicious code, intended to remount to a remote server the Web pages consulted by the user.
Following several reports from Google, Google has removed five extensions on the Chrome Web Store, the sound extension store. Chrome browser .
In all, nearly 20 million people had downloaded deleted web extensions. Among them, AdRemover (nearly 10 million users), but also uBlock Plus, Adblock Pro, HD for YouTube and Webutation.
A recurrent issue
The researcher was unable to determine the purpose of the process. It could be as well to carry out denial of service attacks thanks to the users of the extensions, as to inject advertising into the pages consulted by the users. The phishing track is also mentioned.
Web users who have downloaded such extensions are invited to uninstall them from their browser and to launch, if necessary, an antivirus scan.
The problem is far from new. The ad blockers are prized by hackers to insert malicious code. A few months ago, a fake version of the AdBlock ad blocker, dubbed “AdBlock Plus”, was made available on the Chrome Web Store. This vertigo version was then downloaded by nearly 37,000 Chrome users.
Since 2015, and for security reasons, Google prevents Chrome users download extensions outside of their official store. A measure that is not yet sufficient to protect them.