Fake Chrome ad blockers used to create botnets
More than 20 million Chrome users have been tricked into installing fake ad blockers that could see their machines recruited into a botnet, according to a new report.
A fake AdBlock Plus extension fooled many users last year. Because many Chrome users discover ad blocking by browsing available extensions, creating cloned fakes has become a popular tactic for cyber criminals, according to AdGuard.
These latest extensions are simple rip-offs with a few lines of code and some analytics added by the 'authors'.
AdGuard's Andrey Meshkov, writing on the company's blog, says, "I must say the problem is not new. It's been a while since different 'authors' started spamming Chrome WebStore with lazy clones of popular ad blockers (with a few lines of their code on top of them). That's how users could end up installing 'Adguard Hardline' or 'Adblock Plus Premium' or something like that. The only way of fighting this stuff is to file a trademark violation abuse to Google, and it takes them a few days to take a clone down."
By spamming keywords in the extension description, the creators are able to make their fakes appear in the top search results, which gains trust from casual users.
Detailed analysis of one of the extensions shows that it uses malicious code to send back information about websites visited and receives commands that can change browser behavior.
You can find out more and see a list of extensions using this approach on the AdGuard blog.