Saturday, July 13, 2024

More than 20,000,000 Chrome Users are Tricked into Installing Fake Ad Blockers

Nowadays adblockers are quite popular among user’s, but before installing extension it is required to make validation checks to ensure that you are installing the trusted extension, else you may end up with Fake Ad Blockers.

Cloning the famous and wide-spread extension is not new, but instead of using tricky names attackers started using keywords with the extension description and trying to make the top of the search results.

Andrey Meshkov from Adguard reports that attackers tricked more than 20,000,000 users to install the fake extension of the ad blockers.

I must say the problem is not new. It’s been a while since different “authors” started spamming Chrome WebStore with lazy clones of popular ad blockers and the only way to stop is by filing a violation abuse to Google to Google and it takes couple day’s to turn down the app.

Casual user’s use to believe in the top search results which are not good, a deeper analysis is required before selecting an extension that serves our purpose.

What these Fake Ad Blockers Do

They found to be hidden inside of well-known javascript files and they track the user activities such as the pages that you are visiting and send’s the information to the attacker’s server.

Fake Ad Blockers.

To avoid detection they use to transfer the harmful codes inside of the legitimate image files which later executed in browser background and can change your browser behavior in any way.

This is not a first time, few months before Google Taken Down More than 423,992 users have been affected with the bot and a total of 89 extensions removed from chrome web store.

Here is the full list of the extensions identified by Adguard on WebStore

AdRemover for Google Chrome™ (10M+ users)
uBlock Plus (8M+ users)
Adblock Pro (2M+ users)
HD for YouTube™ (400K+ users)
Webutation (30K+ users)

All the apps has been reported to the Google and all the five apps are taken down.


Latest articles

mSpy Data Breach: Millions of Customers’ Data Exposed

mSpy, a widely used phone spyware application, has suffered a significant data breach, exposing...

Advance Auto Parts Cyber Attack: Over 2 Million Users Data Exposed

RALEIGH, NC—Advance Stores Company, Incorporated, a prominent commercial entity in the automotive industry, has...

Hackers Using ClickFix Social Engineering Tactics to Deploy Malware

Cybersecurity researchers at McAfee Labs have uncovered a sophisticated new method of malware delivery,...

Coyote Banking Trojan Attacking Windows Users To Steal Login Details

Hackers use Banking Trojans to steal sensitive financial information. These Trojans can also intercept...

Hackers Created 700+ Fake Domains to Sell Olympic Games Tickets

As the world eagerly anticipates the Olympic Games Paris 2024, a cybersecurity threat has...

Japanese Space Agency Spotted zero-day via Microsoft 365 Services

The Japan Aerospace Exploration Agency (JAXA) has revealed details of a cybersecurity incident that...

Top 10 Active Directory Management Tools – 2024

Active Directory Management Tools are essential for IT administrators to manage and secure Active...
Guru baran
Guru baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Free Webinar

Low Rate DDoS Attack

9 of 10 sites on the AppTrana network have faced a DDoS attack in the last 30 days.
Some DDoS attacks could readily be blocked by rate-limiting, IP reputation checks and other basic mitigation methods.
More than 50% of the DDoS attacks are employing botnets to send slow DDoS attacks where millions of IPs are being employed to send one or two requests per minute..
Key takeaways include:

  • The mechanics of a low-DDoS attack
  • Fundamentals of behavioural AI and rate-limiting
  • Surgical mitigation actions to minimize false positives
  • Role of managed services in DDoS monitoring

Related Articles