Malware posing as ad blocker extensions for Chrome has been found, already downloaded 20 million times or more



It has come to light that malware was quietly slipped into ad blockers released as extensions for Google's web browser "Chrome". The ad blocker in which this was found, "AdRemover extension for Chrome" (AdRemover), has been downloaded over 20 million times so far.

Over 20,000,000 of Chrome Users are Victims of Fake Ad Blockers
https://blog.adguard.com/en/over-20-000-000-of-chrome-users-are-victims-of-fake-ad-blockers/

Millions of Chrome Users Have Installed Malware Posing as Ad Blockers - Motherboard
https://motherboard.vice.com/en_us/article/59jakq/chrome-ad-blockers-malware

This was discovered by Andrey Meshkov, co-founder of the developer of the ad blocker "AdGuard". Meshkov had become interested in the fact that the ad blockers distributed on Google's Chrome Web Store included several copies of popular ad blockers, so he downloaded one of them and examined its code in detail.

Mr. Meshkov found that the extension showed strange behavior that is hard to imagine from a genuine ad blocker. "Basically I downloaded an adblocker and checked what kind of request I am making, but some strange requests have attracted my attention."

What Mr. Meshkov discovered was that code hidden in an image (.png) loaded from a remote command server made it possible for AdRemover to perform functions other than its original ones without the extension being updated. This fact alone puts AdRemover in violation of Google's terms, and Mr. Meshkov posted an example on AdGuard's blog. AdRemover has since been removed from the Chrome Web Store, and Google has also acknowledged that it deleted the extension.
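As an added example (not code from AdGuard, Meshkov or the original article), the Python sketch below shows one check a defender can run on an image that an extension fetched from a remote server: it walks the PNG chunk list and reports bytes appended after IEND, non-essential chunks and CRC mismatches. The article does not say how AdRemover's image carried its code, so the assumption here is that a payload sits outside the pixel data; data encoded into the pixel values themselves would not be caught. The names `inspect_png` and `build_sample` and all sample bytes are constructed for illustration.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
# Chunk types a minimal image needs; any other chunk can carry arbitrary bytes.
EXPECTED_CHUNKS = {b"IHDR", b"PLTE", b"IDAT", b"IEND"}


def inspect_png(data: bytes) -> dict:
    """Walk the PNG chunk list and report places where non-pixel data can hide."""
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG file")
    report = {"extra_chunks": [], "bad_crc": [], "trailing_bytes": 0, "saw_iend": False}
    pos = len(PNG_SIGNATURE)
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        body = data[pos + 8:pos + 8 + length]
        crc_bytes = data[pos + 8 + length:pos + 12 + length]
        if len(body) < length or len(crc_bytes) < 4:
            raise ValueError("truncated chunk %r" % ctype)
        if zlib.crc32(ctype + body) != struct.unpack(">I", crc_bytes)[0]:
            report["bad_crc"].append(ctype.decode("latin-1"))
        if ctype not in EXPECTED_CHUNKS:
            report["extra_chunks"].append((ctype.decode("latin-1"), length))
        pos += 12 + length
        if ctype == b"IEND":
            report["saw_iend"] = True
            break
    report["trailing_bytes"] = len(data) - pos  # anything after IEND is not image data
    return report


def _chunk(ctype: bytes, body: bytes) -> bytes:
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))


def build_sample(hidden: bytes = b"", text: bytes = b"") -> bytes:
    """Constructed 1x1 grayscale PNG; optional tEXt chunk and bytes after IEND."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x00")  # one filter byte + one pixel
    extra = _chunk(b"tEXt", text) if text else b""
    return PNG_SIGNATURE + _chunk(b"IHDR", ihdr) + extra + _chunk(b"IDAT", idat) + _chunk(b"IEND", b"") + hidden


if __name__ == "__main__":
    print(inspect_png(build_sample()))
    print(inspect_png(build_sample(hidden=b"/* constructed placeholder */")))
```

A clean report from this check does not clear an image; it only rules out the two container-level hiding places it looks at.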


Meshkov said he was not able to ascertain what kind of data AdRemover was actually gathering, but that having a link to a remote server in this way is dangerous because it allows the behavior of the browser to be changed in various ways. Mr. Yang Zu, a developer of the privacy-focused browser "Brave", points out that this could lead, for example, to the user's PC being used as a stepping stone for attacks or being caught up in a man-in-the-middle attack. However, Zu also points out that such extensions do not have the authority to access important data such as passwords stored in an encrypted state in the browser.

AdRemover has already been removed from the Chrome Web Store, but Meshkov says that a large number of similar extensions still appear to be available. As a way of finding out whether an extension is suspicious, Meshkov recommends "visit the developer's website". A developer who provides a legitimate extension should have the install link posted on their site, so this can serve as a basis for judging whether the extension can be trusted.

And, of course, he says that it is important to know exactly what kind of functionality you are installing.

in Software, Security, Posted by darkhorse_log