This ad blocker extension actually added…more ads
Ad injection campaigns affect both site owners and end users
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
Installing anad blockerextension for yourbrowseris a great way to limit the number of ads you see online but what if your ad blocker actually ended up showing you more ads?
Security researchers from the cybersecurity firmImpervahave released areportdetailing a new ad injection campaign that targets users through an extension available on bothGoogle ChromeandOperacalled AllBlock.
For those unfamiliar, ad injection is the process of inserting unauthorized ads into a publisher’s webpage with the goal of enticing unsuspecting users into clicking on them. Ad injection can also come from a variety of sources including malicious browser extensions,malwareand even stored cross-site scripting (XSS).
When it comes toecommerce, ad injection is commonly used to advertise on competitors' sites to steal their customers, price comparison ads can be utilized to distract customers and prevent them from making purchases and affiliate codes or links can be injected so that scammers can cash in on purchases made on sites that aren’t theirs.
AllBlock extension
Back in August, Imperva Research Labs discovered that unknownmalicious domainswere being distributed by an ad injection script.
One of these malicious domains observed by the firm works by sending a list of all of the links on a page to a remote server. The server returns the list of domains it wants to redirect back to the script and then whenever a user clicks on a link that has been altered, they are taken to a different page (often an affiliate link) than the one intended by the actual site owner.
Imperva then decided to download theChrome extensionfor AllBlock for further analysis to find that it also leads to the same malicious behavior. After reviewing the extension’s source code, the firm found that while it appeared like any other ad blocker, the background script “bg.js” was used to inject a JavaScript code snippet into every new tab.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Despite its findings, Imperva doesn’t believe it found the origin of the attack because of the way the script was injected and that a larger campaign is taking place that may utilize different delivery methods as well as other extensions.
If you’ve added AllBlock to your browser, you should remove the extension immediately if you don’t want additional ads injected to the websites you visit. Thankfully though, it does appear thatGooglehas removed the extension in question from theChrome Web Store.
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.
iStorage Group acquires Kanguru Solutions as it looks to expand security offering
Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics
Smeg Combi Steam Oven review: a multi-functional countertop oven that looks stunning and cooks well
