This ad blocker extension actually added…more ads

DMCA / Correction Notice
- Advertisement -


Installing an ad blocker extension for your browser is a great way to limit the number of ads you see online, but what if your ad blocker is actually showing you more ads?

- Advertisement -

Security researchers from cybersecurity firm Imperva have released a report detailing a new ad injection campaign that targets users through an extension available on both Google Chrome and Opera called AllBlock.

For those unfamiliar, ad injection is the process of inserting unauthorized ads into a publisher’s webpage, with the goal of attracting unknown users to click on them. Ad injection can also come from a variety of sources, including malicious browser extensions, malware, and even archived cross-site scripting (XSS).

  • We’ve put together a list of the best VPN services available
  • These are the best privacy apps on the market
  • Also check out our roundup of the best proxies
advertisement

When it comes to ecommerce, ad injection is commonly used to place ads on competitors’ sites to steal their customers, price comparison ads are used to distract customers and deter them from making a purchase. and affiliate codes or links can be injected so that scammers can cash in on purchases made on sites that are not theirs.

AllBlock Extension

- Advertisement -

Back in August, Imperva Research Labs discovered that unknown malicious domains were being delivered by an ad injection script.

The firm works by sending a list of all links on a page to a remote server in one of these malicious domains visited. The server returns a list of domains it wants to redirect back to the script and then whenever a user clicks on a link that has been changed, they are redirected to a different page (often an affiliate link) than the one intended by the actual site. is carried over. Owner.

Imperva then decided to download the Chrome extension for AllBlock for further analysis to find out if it also leads to the same malicious behavior. After reviewing the extension’s source code, the firm found that it appeared like any other ad blocker, using the background script “bg.js” to insert a JavaScript code snippet into each new tab.

Despite its findings, Imperva doesn’t believe the way the script was injected and there is a huge campaign taking place that could use different distribution methods as well as other extensions, so it found the origin of the attack. .

If you have added AllBlock to your browser, you should remove the extension immediately if you do not want additional ads to be placed on the websites you visit. Thankfully though, it appears that Google has removed the extension in question from the Chrome Web Store.

  • We have also highlighted the best browsers

- Advertisement -

Stay on top - Get the daily news in your inbox

Recent Articles

Related Stories