Chrome extension blocking surprise ads injecting ads into Google search pages


A new deceptive ad injection campaign was found using an ad blocker extension for Google Chrome and Opera web browsers to sneakily insert ads and affiliate codes into websites, according to new research from the cybersecurity company Imperva.

The findings follow the discovery of malicious domains distributing an ad injection script in late August 2021 that researchers connected to an add-on called AllBlock. The extension has since been pulled from the Chrome Web Store and Opera add-on markets.

Automatic GitHub backups

While AllBlock is designed to legitimately block ads, JavaScript code is injected into each new tab opened on the browser. It works by identifying and sending all the links on a web page – usually on search engine results pages – to a remote server, which responds with a list of websites to replace the genuine links, leading to a scenario where, by clicking on a link, the victim is redirected to another page.

“When the user clicks on a modified link on the web page, they will be redirected to an affiliate link,” said Imperva researchers Johann Sillam and Ron Masas. “With this affiliate fraud, the attacker makes money when specific actions such as registering or selling the product take place.”

AllBlock also features a variety of techniques to avoid detection, including clearing the debug console every 100ms and excluding major search engines. Imperva said the AllBlock extension is likely part of a larger distribution campaign that may have used other browser extensions and delivery methods, with links seen to a previous PBot campaign based on name overlaps from domain and IP addresses.

Prevent ransomware attacks

“Ad injection is an evolving threat that can impact almost any site. Attackers will use anything from browser extensions to malware and adware installed on visitors’ devices, making the Most site owners ill-equipped to handle such attacks, ”said Sillam and Masas.

“When ad injection is used, site performance and user experience are degraded, making websites slower and more difficult to use,” the researchers added. “Other impacts of ad injection include loss of customer trust and loyalty, loss of revenue from ad placements, blocked content, and decreased conversion rates. “

Source link

Leave A Reply

Your email address will not be published.