Installing an ad blocker extension for your browser is a great way to limit the number of ads you see online, but what if your ad blocker ends up showing you more ads? ?
Security researchers at cybersecurity firm Imperva released a report detailing a new ad injection campaign that targets users through an extension available on both Google Chrome and Opera called AllBlock.
For those who are unfamiliar with ad injection is the process of inserting unauthorized ads into a publisher’s webpage with the aim of tricking unsuspecting users into clicking on them. Ad injection can also come from a variety of sources, including malicious browser extensions, malware, and even Stored Cross-Site Scripting (XSS).
When it comes to e-commerce, ad injection is commonly used to advertise on competitor’s sites to steal their customers, price comparison ads can be used to distract customers and prevent them from making purchases and affiliate codes or links can be injected so that scammers can cash out. on purchases made on sites that are not theirs.
In August, Imperva Research Labs discovered that unknown malicious domains were being distributed by an ad injection script.
One of these malicious domains observed by the firm works by sending a list of all the links on a page to a remote server. The server returns the list of domains it wants to redirect to the script, then each time a user clicks on a link that has been changed, they are redirected to a different page (often an affiliate link) than expected. by the actual owner site.
Despite its findings, Imperva does not believe it has found the origin of the attack due to the way the script was injected and that a larger campaign is underway that may use different delivery methods as well as others. extensions.
If you have added AllBlock to your browser, you should remove the extension immediately if you do not want additional ads to be injected on the websites you visit. Fortunately, it appears that Google has removed the extension in question from the Chrome Web Store.