April 22, 2018
Google Chrome: Over 20 Million Users Installed Malware Infected Ad Blockers Into Their Browsers

Ad blocking tools are installed by hundreds of millions of internet users to ward off unwanted ads, intrusive marketing techniques, and to prevent unwanted disruptions while surfing the web.

Ad Guard, a research firm that provides its own ad blocking service, has revealed that over 20 million Google Chrome users were fooled into installing fake ad blockers into their browsers.

Ad Guard stated that the malicious chrome extensions are clones of the original ad blockers. The company stated that hackers have embedded these chrome extensions with malicious codes, according to GadgetsNow.

In the Google Chrome web store, a total of five fake ad blockers were available to the public for installation into their web browsers. The phony ad blockers served their purpose of blocking ads, however, the chrome extensions also infected millions of computers in which they were installed. Therefore, it is imperative that Google Chrome users check their ad blocking extensions before downloading into their browsers.

Following the report by Ad Guard, Google promptly removed the five suspected extensions from their store.

The harmful Google Chrome extensions included AdRemover for Google Chrome (10 million users), uBlock Plus (8 million users), Adblock Pro (2 million users), HD for YouTube (400,000 users), and Webutation (30 million users). In total, well over 20 million users have downloaded one of any of the five malicious Chrome extensions, according to GadgetsNow.

The harmful code is hidden deep inside a javascript library which is known as jQuery, thus, making it more difficult to detect.

The malicious Google Chrome extensions spammed targeted keywords and codes in order to stand at the top of search results for phrases like "ad blocker" and "ad block," according to Tech Radar.

According to Ad Guard's blog, once these fake ad-blockers are downloaded and installed, the malware proceeds to collect data and send the browsing history (with personal information) directly to a server. The server then sends commands to the browser which then executes the script sent by the servers, according to GadgetsNow.

Fake Ad blockers in Google Chrome store contains malware.
The harmful code embedded within the phony extensions is hidden deep inside a javascript library known as jQuery.

The co-founder of AdGuard, Andrew Meshkov, stated, "Basically, this is a botnet composed of browsers infected with the fake AdBlock extensions. The browser will do whatever the command center server owner orders it to do."

Another researcher who analyzed the AdRemover tool concluded that the code inside the application has the potential be used to leak "information about some of the websites you visit," according to Newsweek.

Meshkov stated that surfing through Google Chrome's WebStore was like "walking through a minefield." Andrew gave some words of wisdom to internet users and said if you want to install an extension, think twice, "and then think twice again."

A helpful tip when installing Google Chrome extensions is to check the author or the company. The developer behind any extension is important to note. Internet users can head over to the developer's official website (and use their own link to Google's online store), to make certain that they aren't downloading a copycat extension.