Google removed two ad blocking extensions from the Chrome Web Store after experts discovered that they were injecting data into the browser to divert commissions on online purchases.
According to AdGuard, which discovered the fraud, millions of dollars in commissions may have been paid improperly.
Together, the fake AdBlock and uBlock extensions had more than 1.6 million installations.
The extensions used names almost identical to those of other popular ad blockers. (Photo: AdGuard)
Registered under the name "AdBlock, Inc", AdBlock had 800,000 users according to the Chrome Web Store's own count. The second fake extension, uBlock, was registered in the name of Charlie Lee and had amassed 850,000 users.
The extension names were derived from two legitimate extensions, AdBlock (by getadblock) and uBlock Origin, both with over 10 million installations.
Users may have installed the fake extensions while looking for the original versions. However, similarity of names alone is not enough for Google to reject an extension.
According to AdGuard, the extensions' malicious behavior only appeared after they had been running for 55 hours. The extensions also stopped the improper activity when they detected that the developer console had been opened, since the console typically exposes everything the browser is doing. These tricks made the fraud difficult to detect.
Extensions with harmful behavior are a frequent problem in the official Chrome store.
In 2018, a group of extensions reached 20 million downloads before Google removed all of them from the store. In July, an expert identified extensions that recorded and sold information about the websites users visited.
Commission without disclosure
According to AdGuard, the fake extensions often generated ghost "clicks" that were invisible to the user. These clicks could occur with each site visited, monitoring the user's navigation and injecting an affiliate code into the browser to divert revenue from clicks and commissions.
For example, when visiting an online store, the extension forced the browser to store an affiliate identifier in memory. If the user bought a product, the sale would generate a commission payment.
Online commissions are intended to reward the promotion of products and websites. Since the extension did not promote anything, the practice is improper and constitutes fraud against advertisers and stores. In some cases, an affiliate who actually promoted the store or product could stop receiving their legitimate commission because of these extensions.