Fake ad blocker extensions used in ad fraud scheme
Popular fake ad blockers engaged in cookie stuffing
Users trying to clean up their web browsing experience by installing an ad blocking extension may want to think twice as new research from AdGuard has revealed that many popular ad blockers are not only fake but also malicious.
After a thorough investigation of the ad blockers available on the Chrome Web Store, the firm found that many including AdBlock by AdBlock, Inc and Ublock by Charlie Lee were using the names of two other very popular ad blockers, AdBlock and uBlock Origin, to trick users into downloading them. However, AdGuard also found that these ad blockers were engaged in malicious behavior.
At first these add-ons did what they were supposed to and removed ads from web pages as both are based on the code of the original “AdBlock” extension.
- Chrome will limit full ad blocking to enterprise users
- Malicious Android apps hijacked phones to click on ads
- Adblock Plus and other ad blockers have a worrying security hole
AdGuard then discovered that after being installed for around 55 hours, these extensions began to send out a request to urldata.net for each new domain they visited. This allowed the extensions to receive affiliate links from the sites users visited and if they made a purchase while visiting them, the extensions owner would be paid a commission from those sites.
Cookie stuffing
The technique used by the fake ad blockers is known as cookie stuffing and is basically an ad fraud scheme. Not only are the creators of these fake extensions using the names of more popular ad blockers to trick users into downloading them, they are also using their browsing activity and online purchases to earn commissions for themselves.
According to AdGuard, Google has received multiple reports about how these fake ad blockers are using the names of more popular extensions for their own benefit but the search giant has yet to remove them from the Chrome Web store.
These two extensions have over 1.6m weekly active users who were stuffed with cookies from more than 300 websites from the Alexa Top 10000. While the damage is difficult to estimate, AdGuard believes that the creators are earning millions each month from cookie stuffing.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
There is a silver lining though as now that the fake ad blocker scheme has been uncovered, the owners of affiliate programs can follow the money trail to find out who is behind this scheme. Cookie stuffing and other ad fraud schemes are illegal and there's a chance that the developers of these extensions will be held responsible for their actions.
- We've also highlighted the best Google Chrome extensions of 2019
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.