Ad Blocker From Chrome Store was a Malicious Hack

Malicious Hack

Watch closely the below Ad-blocker extension, and if by any chance you have installed in your Google Chrome browser, and then you are in for a surprise. Yes, you could have been hacked. Five malicious ad blockers have been spotted by a security researcher nearly 20-million users across the world have installed the Adblocker.

Nevertheless, these browser extensions are not new, and many of us know that they have access to everything we do online. There is always a chance for the creator to steal the information from your website, including your password, and banking details.

Andrey Meshkov, co-founder of Adguard who found this said, these five malicious extensions are copycat versions of some legitimate, well-known Ad Blockers.

The Creator of these extensions also used popular keywords in their names and descriptions to rank top in the search results, increasing the possibility of getting more users to download them.

“All the extensions I’ve highlighted are simple rip-offs with a few lines of code and some analytics code added by the authors,” Meshkov says.

After Meshkov reported his findings to Google on Tuesday, the tech giant immediately removed all of the following mentioned malicious ad blocker extension from its Chrome Store:

• HD for YouTube
• Webutation
• AdRemover for Google Chrome
• Adblock Pro
• unlock Plus

Meshkov downloaded the ‘AdRemover’ extension for Chrome, and after analyzing it, he discovered that malicious code hidden inside the modified version of jQuery, a well-known JavaScript library, sends information about some websites a user visits back to a remote server.

Remote server sends commands to the malicious extensions, which are executed in the background page, which has the ability to change the browser’s behavior. These commands, send by the remote server are hidden inside a harmless-looking image, which helps it to avoid detection.

“These commands are scripts which are then executed in the privileged context (extension’s background page) and can change your browser behavior in any way,” Meshkov says. He further said “Basically, this is a botnet composed of browsers infected with the fake Adblock extensions. The browser will do whatever the command center server owner orders it to do.”

The researcher also analyzed other extensions on the Chrome Store and found four more extensions using similar tactics.

Julia Sowells960 Posts

Julia Sowells has been a technology and security professional. For a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, and even writing technical articles and has worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she maintains her own consulting firm with her role as security consultant while continuing to write for Hacker Combat in her limited spare time.


    Leave a Comment


    Welcome! Login in to your account

    Remember meLost your password?

    Don't have account. Register

    Lost Password