Home » This ad blocker extension actually added … more ads

This ad blocker extension actually added … more ads

Installing an ad blocker extension for your browser is a great way to limit the number of ads you see online, but what if your ad blocker ends up showing you more ads? ?

Security researchers at cybersecurity firm Imperva released a report detailing a new ad injection campaign that targets users through an extension available on both Google Chrome and Opera called AllBlock.

For those who are unfamiliar with ad injection is the process of inserting unauthorized ads into a publisher’s webpage with the aim of tricking unsuspecting users into clicking on them. Ad injection can also come from a variety of sources, including malicious browser extensions, malware, and even Stored Cross-Site Scripting (XSS).

When it comes to e-commerce, ad injection is commonly used to advertise on competitor’s sites to steal their customers, price comparison ads can be used to distract customers and prevent them from making purchases and affiliate codes or links can be injected so that scammers can cash out. on purchases made on sites that are not theirs.

AllBlock extension

In August, Imperva Research Labs discovered that unknown malicious domains were being distributed by an ad injection script.

One of these malicious domains observed by the firm works by sending a list of all the links on a page to a remote server. The server returns the list of domains it wants to redirect to the script, then each time a user clicks on a link that has been changed, they are redirected to a different page (often an affiliate link) than expected. by the actual owner site.

Imperva then decided to download the Chrome extension for AllBlock for further analysis to find that it also leads to the same malicious behavior. After examining the source code for the extension, the company discovered that while it looked like any other ad blocker, the “bg.js” background script was being used to inject a snippet of JavaScript code in each new tab.

Despite its findings, Imperva does not believe it has found the origin of the attack due to the way the script was injected and that a larger campaign is underway that may use different delivery methods as well as others. extensions.

If you have added AllBlock to your browser, you should remove the extension immediately if you do not want additional ads to be injected on the websites you visit. Fortunately, it appears that Google has removed the extension in question from the Chrome Web Store.


Please enter your comment!
Please enter your name here

Stay on Top - Get the daily news in your inbox

Trending this Week