It turns out that a browser extension that says "ad blocking" was actually inserting ads on the page

× Security

Security company Imperva discovered a browser extension that claimed to "block ads," but found that it was actually inserting ads into web pages. The ad blocker that injects ads | Imperva https://www.imperva.com/blog/the-ad-blocker-that-injects-ads/

Ad-blocker actually delivers ads, say security researchers • The Register https://www.theregister.com/2021/10/14/ad_blocker_injects_bad_ads/ The extension in question is called "AllBlock" that was distributed to Chrome and Opera. thing. One day, Imperva's research team was conducting regular checks on potential threats on web pages, and found an " ad injection " script that displayed unauthorized ads on web pages for the purpose of getting users to click. I found a domain that I am distributing. When the research team analyzes the script and related Chrome extensions, it turns out that AllBlock is doing the same malicious behavior. AllBlock was distributed as a mere ad blocking extension, but a careful analysis by the research team revealed that a script was written to hide the behavior of malicious code.

When it was actually operated, a news site containing affiliate links was displayed in the search results.

The research team said, "The ads displayed by the script are from non-legitimate sources, contain affiliate links, and malicious people may be stealing ad fees. Ad injection is an evolving threat. And can affect almost every site. " He also claims that such extensions have passed the security checks of each browser: "Google is scrutinizing the security of Chrome extensions and claiming that they are blocking threats, but in question. Extensions are being distributed despite the potential for depriving Google of revenue, which indicates that Google's processes aren't working brilliantly. "

Copy the title and URL of this article

・ Related article It turned out that the ad blocking extension that was downloaded 300,000 times was tampering with SNS by collecting personal information without permission --- The reason why the GIGAZINE ad blocking extension "uBlock Origin" works optimally on Firefox What is --GIGAZINE An incident occurred in which Google displayed a fake official site of the browser "Brave" with an ad blocking function at the top of the search results --GIGAZINE It turned out that 500 Chrome extensions were stealing personal information, damage More than 1.7 million people-GIGAZINE Why is the problem of malware being loaded into extensions endless? --GIGAZINE 28 extensions for Chrome that steal browsing history and personal information are found, victims are up to 3 million including Facebook and Instagram users --GIGAZINE

・ Related content

Tweet Tweet

in security, Posted by log1p_kr

You can read the machine translated English article here.