Malware posing as Ad Blocker has been downloaded by millions of people

The ad blocker that you have installed in your browser may actually be malware. The co-founder of the ad blocker AdGuard recently audited a number of ad blockers on the Google Chrome Web Store.

Most of these extensions are styled to look legitimate, but they actually carry malware in their code, Meshkov said.

“Basically I downloaded it and checked what requests the extension was making,” Meshkov told me over the phone. “Some strange requests caught my attention.”

He also discovered that the AdRemover extension for Chrome loaded a script from a remote command server, giving the extension developer the capability to change its functionality without updating the existing code. Motherboard asked Google about this, and the company has since removed the extension.

Although Meshkov didn’t immediately notice what the extension was actually collecting the data for, he said that having a link to a remote server is dangerous because it could change the way your browser behaves in many ways. He also said that the extension could alter the appearance of the web pages that a user visits.

The Google Chrome store has a history of approving sketchy extensions. While this code couldn’t do anything, it could definitely allow for malicious behaviour.

“For instance, the extension could probably man-in-the-middle all the requests coming from your browser, but it can’t, for instance, read your browser’s encrypted password database, because that is not a privilege that extensions can have,” Zhu explained over a Twitter direct message.
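A defender's static triage for the two behaviours described above (a script pulled from a remote server, and the ability to intercept browser requests), as an added example that is not code from the article or from AdGuard. The function names, the sample manifest and the `cdn.example.invalid` host are constructed for illustration.

```javascript
// Static triage of an unpacked Chrome extension: manifest plus source text.
const BROAD_HOSTS = ["<all_urls>", "*://*/*", "http://*/*", "https://*/*"];

// CSP governing extension pages: a string in Manifest V2, an object in V3.
function extensionCsp(manifest) {
  const csp = manifest.content_security_policy;
  if (!csp) return "";
  return typeof csp === "string" ? csp : (csp.extension_pages || "");
}

function auditExtension(manifest, sources) {
  const findings = [];
  // 1. CSP that lets extension pages run code fetched or built at runtime.
  const scriptSrc = extensionCsp(manifest).split(";")
    .map((d) => d.trim().split(/\s+/))
    .find((d) => d[0] === "script-src") || [];
  for (const token of scriptSrc.slice(1)) {
    if (token === "'unsafe-eval'") findings.push("csp: unsafe-eval");
    else if (/^(https?:|\*)/.test(token)) findings.push(`csp: remote script origin ${token}`);
  }
  // 2. Permissions that allow observing or rewriting traffic on every site.
  const perms = [...(manifest.permissions || []), ...(manifest.host_permissions || [])];
  const broad = perms.some((p) => BROAD_HOSTS.includes(p));
  if (broad && perms.includes("webRequest")) findings.push("perm: webRequest on all sites");
  if (broad && perms.includes("webRequestBlocking")) findings.push("perm: can block or modify requests on all sites");
  // 3. Source patterns that execute text as code or load a resource by URL.
  const patterns = [
    [/\beval\s*\(/, "eval()"],
    [/\bnew\s+Function\s*\(/, "new Function()"],
    [/\.src\s*=\s*["'`]https?:\/\//, "remote URL assigned to .src"],
  ];
  for (const [file, text] of Object.entries(sources)) {
    for (const [re, label] of patterns) {
      if (re.test(text)) findings.push(`code: ${label} in ${file}`);
    }
  }
  return findings;
}

// Constructed sample input (not taken from any real extension).
const sampleManifest = {
  manifest_version: 2,
  permissions: ["webRequest", "webRequestBlocking", "<all_urls>", "storage"],
  content_security_policy: "script-src 'self' 'unsafe-eval' https://cdn.example.invalid; object-src 'self'",
};
const sampleSources = {
  "background.js": "var s = document.createElement('script'); s.src = 'https://cdn.example.invalid/a.js'; document.head.appendChild(s);",
};
console.log(auditExtension(sampleManifest, sampleSources).join("\n"));
```

The pattern matches are triage hints only: a hit means the file deserves a manual read, and a clean result does not prove the extension is safe.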

Google has since removed the following malicious ad blocker extensions from its Chrome Store:

  • AdRemover for Google Chrome™ (10 million+ users)
  • uBlock Plus (8 million+ users)
  • [Fake] Adblock Pro (2 million+ users)
  • HD for YouTube™ (400,000+ users)
  • Webutation (30,000+ users)
