Black Hat

Malware Posing as Ads Blocker Has Been Downloaded by Millions of People

Malware Posing as Ads Blocker: The Ads Blocker that you have installed in your browser may be actually a malware. The Co-Founder of Ad-Blocker AdGuard recently had audited a number of ad blockers on the Google Chrome Web Store.

Almost these all extensions look legit but actually they carry malware in their coding.

Meshkov Said, “Basically I downloaded it and checked what requests the extension was making,” Meshkov told me over the phone. “Some strange requests caught my attention.”

He also discovered AdRemover extension from Chrome has a script loaded from the romote command server, which is basically giving the extension developer the capabilities to change its functionality without updating the existing code.

Motherboard has asked Google about this and the company has then removed the extension.

Although Meshkov didn’t immediately notice what the extension was actually collecting the data for, but he stated that the link to a remote server could be dangerous enough because it could change the way your browser behaves in many ways.

He also said that the web pages you visit could also alter the appearance of a web pages that a user visits.

The Google Chrome Store has a huge history of approving the Sketchy extensions to Google Store. While the code might not do anything but it could definitely allow the malicious behavior.

“For instance, the extension could probably man-in-the-middle attacks all the request coming from your browser, but it can’t, for instance, read your browser’s encrypted password database, because that is not a privilege that extensions can have, “Zhu explained over a Twitter direct message”.

While Google has officially removed the extensions that Meshkov flagged, but still the Google Chrome is full of these types of extensions.

Related Articles

Leave a Reply

Back to top button