Ad Blocker From Chrome Store was a Malicious Hack


Look closely at the ad-blocker extensions listed below: if you have installed any of them in your Google Chrome browser, you are in for a surprise. Yes, you could have been hacked. A security researcher has spotted five malicious ad blockers that nearly 20 million users across the world have installed.

Browser extensions of this kind are not new, and many of us know that extensions have access to everything we do online. There is always a chance for the creator to steal information from the websites you visit, including your passwords and banking details.

Andrey Meshkov, co-founder of Adguard, who found them, said these five malicious extensions are copycat versions of some legitimate, well-known ad blockers.

The creator of these extensions also used popular keywords in their names and descriptions to rank at the top of the search results, increasing the chance that more users would download them.

“All the extensions I’ve highlighted are simple rip-offs with a few lines of code and some analytics code added by the authors,” Meshkov says.

After Meshkov reported his findings to Google on Tuesday, the tech giant immediately removed all of the following malicious ad blocker extensions from its Chrome Store:

• HD for YouTube
• Webutation
• AdRemover for Google Chrome
• Adblock Pro
• uBlock Plus

Meshkov downloaded the ‘AdRemover’ extension for Chrome, and after analyzing it, he discovered that malicious code hidden inside a modified version of jQuery, a well-known JavaScript library, sends information about some of the websites a user visits back to a remote server.

The remote server then sends commands to the malicious extension. These are executed in the extension's background page, which has the ability to change the browser’s behavior. The commands sent by the remote server are hidden inside a harmless-looking image, which helps them avoid detection.

“These commands are scripts which are then executed in the privileged context (extension’s background page) and can change your browser behavior in any way,” Meshkov says. He further said, “Basically, this is a botnet composed of browsers infected with the fake Adblock extensions. The browser will do whatever the command center server owner orders it to do.”

The researcher also analyzed other extensions on the Chrome Store and found four more extensions using similar tactics.
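
A defender's check for the tampering described above, as an added example (not code from Meshkov's analysis or from the extensions themselves): it compares a library bundled in an unpacked extension against a pristine upstream copy to surface the added code, and flags background scripts combined with all-site host access. The function names, file names and sample contents are constructed for illustration.

```javascript
// Host patterns that let an extension see every site the user visits.
const BROAD_HOSTS = ["<all_urls>", "*://*/*", "http://*/*", "https://*/*"];

// Locate what differs between a pristine library and the bundled copy by
// trimming their longest common prefix and suffix. Returns null if identical.
function changedRegion(reference, bundled) {
  if (reference === bundled) return null;
  const max = Math.min(reference.length, bundled.length);
  let start = 0;
  while (start < max && reference[start] === bundled[start]) start++;
  let endRef = reference.length, endBun = bundled.length;
  while (endRef > start && endBun > start &&
         reference[endRef - 1] === bundled[endBun - 1]) {
    endRef--;
    endBun--;
  }
  return { offset: start, removed: reference.slice(start, endRef),
           added: bundled.slice(start, endBun) };
}

// manifest: parsed manifest.json; files: path -> content of the unpacked
// extension; references: path -> pristine upstream content of bundled libraries.
function auditExtension(manifest, files, references) {
  const findings = [];
  const bg = manifest.background || {};
  const backgroundFiles =
    [...(bg.scripts || []), bg.page, bg.service_worker].filter(Boolean);
  const hosts = [...(manifest.permissions || []),
                 ...(manifest.host_permissions || [])]
    .filter((p) => BROAD_HOSTS.includes(p));
  if (backgroundFiles.length && hosts.length) {
    findings.push({ type: "broad-background-access", hosts, backgroundFiles });
  }
  for (const [path, pristine] of Object.entries(references)) {
    if (!(path in files)) continue;
    const diff = changedRegion(pristine, files[path]);
    if (diff) findings.push({ type: "modified-library", path, ...diff });
  }
  return findings;
}

// Constructed sample: a stand-in "jquery.min.js" with one statement added.
const PRISTINE = "(function(w){w.$=function(s){return s};})(window);";
const SAMPLE_MANIFEST = { manifest_version: 2, permissions: ["<all_urls>", "tabs"],
                          background: { scripts: ["jquery.min.js", "bg.js"] } };
const SAMPLE_FILES = { "bg.js": "",
  "jquery.min.js": "(function(w){w.$=function(s){return s};w.__x=1;})(window);" };
console.log(auditExtension(SAMPLE_MANIFEST, SAMPLE_FILES,
                           { "jquery.min.js": PRISTINE }));
```

Because the comparison works on characters rather than lines, it still isolates an insertion inside a minified, single-line library file; several separate insertions are reported as one span covering all of them.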

