Fake Google Chrome Ad Blocker Extensions Were Cookie Stuffing

Giulio Saggin
Tuesday 28 November 2023

Two ad blocking extensions used by over 1.5 million users have been removed from the Google Chrome Web Store because they are fake, reports AdGuard.

The extensions - AdBlock by AdBlock Inc. and uBlock by Charlie Lee - have also stolen their names from legitimate ad blocking extensions.

"At first, these add-ons just do what they're supposed to do — they block ads," writes Andrey Meshkov, co-founder and CTO of AdGuard, in the report. "They both are based on the code of the original AdBlock extension so the quality is good enough ... However, about 55 hours after the installation, the response suddenly changes ... This new response contains a list of commands for the extension to execute. After that the extensions' behavior changes, and they start doing a few more things besides ad blocking."

One of the "things besides ad blocking" is cookie stuffing, the process whereby the fake extensions are 'stuffed' with extra cookies, so when the unsuspecting user visits a site and makes a purchase, the creator of the fake extension gets paid a commission.

Meshkov uncovered the cookie stuffing when he discovered the affiliate program of one website sent the user's browser an 'affiliate' cookie, so when purchases were made on that website, the commission went to the creator of the fake extension.

"There are many more affiliate links they are using for this," writes Meshkov, including microsoft.com, linkedin.com, aliexpress.com and booking.com.

The report was unable to say specifically how much profit had been made, but estimated it to be millions of dollars each month.

Google has removed the extensions.
