Google removed five fake ad blockers from the Chrome Store Wednesday April 18th after they were flagged by a researcher, but they had already been downloaded more than 20 million times.

Andrey Meshkov, co-founder of Adguard, discovered these ad blockers. While he noted that hackers have long created cloned versions of popular ad blockers, they have grown more sophisticated.

“These criminals still use simple rip-offs of popular products, with a few lines of code added by the ‘authors,’” Meshkov wrote in the post. “But instead of using similar names (like ‘Adguard Hardline’ or ‘Adblock Plus Premium’), they spam keywords into the extension’s description, trying to move it to the top search results and increase the likelihood of getting a victim to download it.”

Cloning real ad blockers and adding malicious features to them has become a popular tactic for cybercriminals. For example, in 2017, a researcher discovered a fake Adblock Plus Chrome extension that tricked 37,000 users into installing it.

Fake ad blockers hide malicious code inside jQuery, a well-known JavaScript library, according to the post. The code sends back information to its server about the websites a victim visits. It then receives command scripts from the remote server that are executed and can change your browser’s behavior in any way.

These five ad blockers use this malicious approach:
  1. AdRemover for Google Chrome™ (10M+ users)
  2. uBlock Plus (8M+ users)
  3. Adblock Pro (2M+ users)
  4. HD for YouTube™ (400K+ users)
  5. Webutation (30K+ users)

 

If you have any of these ad blockers installed, please uninstall. If you require assistance, please contact Frankenstein Computers.

 

Adapted from an article on techrepublic.com

 

Frankenstein Computers has been taking care of our happy clients since 1999. We specialize in IT Support, IT Service, MAC repair, PC Repair, Virus Removal, and much more.