Data Security

Clones of popular Ad blockers caught ad frauding millions of Chrome users

If you are using these two Ad Blockers we suggest removing them from your browser right now or be home to extensive ongoing ad fraud.

There are more than 600 million users currently surfing the Internet with their Ad Blockers on. It’s a fact that Ad Blockers greatly hurt daily earnings of websites but at the same time, these figures are lucrative for cybercriminals and petty online crooks looking to make big bucks on someone else’s behalf.

One also can’t deny that Ad Blockers actually protects users from redirecting to malicious or compromised websites hosting malware or phishing scam. But what if your Ad Blocker is malicious and using your browsing activities to make millions of dollars in return?

You read that right! According to research conducted by Adguard, two of the most popular Ad Blockers on Chrome Web Store are fake and carrying out large scale ad fraud by using names of legitimate popular Ad Blockers. These Ad Blockers are “AdBlock” by “AdBlock, Inc” and “uBlock” by “Charlie Lee.”

The uBlock” by “Charlie Lee” has more than 863,000 installs while “AdBlock” by “AdBlock, Inc” is currently being used by more than 848,000 unsuspecting users. The reason these Ad Blockers have hundreds of thousands of installs and 5-star reviews is that their names seem legit and they do block ads just the way a legitimate one would.

However, in the background, both Ad Blockers run cookie stuffing, a malicious ad fraud technique in which a user receives a third-party cookie without their permission or knowledge. That cookie is used to keep an eye on the victim’s browsing activities and in case they visit a website to make an online purchase, the cookie stuffer is paid a commission by the target.

In the case of Ad Blockers; both browser extensions have been using cookie stuffing to generate commission. For instance, Adguard identified cookie stuffing from several affiliates including Teamviewer, Microsoft, Linkedin, Aliexpress, and Booking.

“The scale is unprecedented. These two add-ons have more than 1.6 Million “weekly active users”, who were stuffed with cookies of over than 300 websites from Alexa Top 10000. It is difficult to estimate the damage, but I’d say that we are talking about millions of USD monthly,” wrote Andrey Meshkov of AdGuard.

What’s worse is that Google was informed about the ongoing scam yet both extensions are still available on Chrome Web Store. This should not come as a surprise since Google’s Play Store is also home to some of the most malicious malware in the world and the search engine giant is literally doing nothing about it so far.

This, however, is not the first time when Adguard researchers have exposed malicious Ad Blockers running sophisticated ad fraud against Chrome users. Last year, the company identified 5 such fake Ad Blocker extensions which were collectively scamming over 20 million users.

If you are using Ad Blockers on Chrome, make sure they are legitimate, read their privacy policies, keep an eye on blog posts from Adguard and Hackread. Most importantly, remove “AdBlock” by “AdBlock, Inc” and “uBlock” by “Charlie Lee” right now.

Update: 16:39 Wednesday, 18 September 2019 (BST)

Google Chrome team has finally kicked out both fraudulent extensions from their Web Store.

To Top

Pin It on Pinterest

Share This