It turns out that a browser extension that says 'ad blocking' was actually inserting ads on the page
Security company
The ad blocker that injects ads | Imperva
https://www.imperva.com/blog/the-ad-blocker-that-injects-ads/
Ad-blocker actually delivers ads, say security researchers • The Register
The extension in question is called 'All Block' that was distributed for Chrome and Opera. One day, Imperva's research team was conducting regular checks on potential threats on web pages, and found an ' ad injection ' script that displayed unauthorized ads on web pages for the purpose of getting users to click. I found the domain I'm distributing.
An analysis of the script and related Chrome extensions by the research team reveals that AllBlock is doing the same malicious behavior. AllBlock was distributed as a mere ad blocking extension, but a careful analysis by the research team revealed that a script was written to hide the behavior of malicious code.
When it was actually operated, a news site containing affiliate links was displayed in the search results.
The research team said, 'The ads displayed by the script are from non-legitimate sources, contain affiliate links, and malicious people may be stealing advertising fees. Ad injection is an evolving threat. And can affect almost any site. '
He also said that such extensions have passed the security checks of each browser: 'Google claims to be scrutinizing the security of Chrome extensions and blocking threats, but in question. Extensions are being distributed despite the potential for stealing Google's revenue, which indicates that Google's processes aren't working brilliantly. '
Related Posts:
in Security, Posted by log1p_kr