Adguard claims 20 million Chrome users installed (realistic-looking) fake ad blockers

  • TECH
  • Monday, 23 Apr 2018

Chrome users are being warned about phony ad blockers. — AFP Relaxnews

Adguard identified five different fake ad blockers that had targeted Chrome users; Google has since taken down them down. 

The immediate panic is over as Google quickly reacted and removed five fake, yet very realistic-looking, ad blockers from its list of “available browser extensions”. However these were not the first, nor the last security risks to its Chrome users it seems. In fact, the issue could be much greater than imagined. Now the challenge is to make casual users wary and steer them to the right extensions. 

Around seven months ago, a similar news story broke about 37,000 users installing a fake ad blocker, which resulted in a lot of tweets regarding Google's vetting process for Chrome Extensions. Now, a blogpost by Adguard, published this week, suggests that the problem is much larger. 

The report highlights the dangers of installing fake ad blockers, such as the five it named, as they spam the Chrome Webstore with “lazy clones of popular ad blockers (with a few lines of their code on top of them)”. 

Many users are familiar with the brand Adguard and therefore may, without thinking twice, click on an extension named “Adguard Hardline” or something else that sounds legit, such as “Adblock Plus Premium”. 

Here is Adguard's list of fake ad blockers, which Google has now removed:
AdRemover for Google Chrome (10M+ users)
uBlock Plus (8M+ users)
Adblock Pro (2M+ users)
HD for YouTube™ (400K+ users)
Webutation (30K+ users) 

As a result of clicking on a fake extension, malicious code hidden in coding (not easily spotted by your average user) will result in a remote server affecting or changing your browser's behaviour. 

“Basically, this is a botnet composed of browsers infected with the fake adblock extensions. The browser will do whatever the command centre server owner orders it to do.”  

The advice given by Adguard, to avoid falling into the traps of malicious developers, is to check the author of the extension and make sure it's someone known, then “think twice. And then think twice again”. — AFP Relaxnews

Article type: metered
User Type: anonymous web
User Status:
Campaign ID: 1
Cxense type: free
User access status: 3

Did you find this article insightful?


Across the site