Ad blocker add-ons can also cause trouble to users. Recently, Google has busted two ad blockers from Chrome for ‘cookie stuffing’.
Fake Ad Block Extensions on Play Store
Recently, Andrey Meshkov of AdGuard found more fake ad blockers on the Play Store. Precisely, he found some ad blockers on Chrome that seemed functional and legit but were actually fake.
Elaborating on his findings in a blog post, he mentioned about two of such ad blockers; AdBlock and uBlock. Though the names sound familiar, the researcher found these two extensions impersonating the original AdBlock and uBlock extensions. In other words, the other two used fake names.
The reason why these adblockers stayed on the Play Store is that deception alone didn’t contribute to the removal of an extension. Both the add-ons apparently worked fine (hence, gaining thousands of users). However, scratching the surface further let Meshkov discover malicious behavior – cookie stuffing.
The researcher explained that the extensions used to function well in the beginning, as they worked over the codes for original ‘Adblock’. However, 55 hours after the installation, the extensions began executing malicious activities alongside blocking ads. As described by Meshkov,
They now send a request to urldata.net for each new visited domain… In response, your browser receives a special “affiliate” cookie.
Because of these affiliate cookies, the extension owners used to make money for every new purchase by the ad blockers’ user. Prominent victims of this behavior include Microsoft, LinkedIn, Booking.com, and AliExpress.
In addition, the add-ons could detect developer consoles to halt malicious activities, thus evading detection.
Google Removed Fake Chrome Ad Blockers
While both the fake ‘Adblock’ and ‘uBlock’ extensions existed on Play Store for quite a while, the researcher confirmed that Google has now removed both of these Chrome ad blockers. This may be attributed to the otherwise effective ad blocking functionality of the add-ons and their deceptive use of popular adblocker names.
This isn’t the first time that the researcher have highlighted malicious ad blockers. Last year, Meshkov highlighted numerous ad blockers with millions of downloads that actually contained malware. Google removed these add-ons later.
Following repeated problems with these extensions, Google also announced working on limiting the capabilities of ad blockers and other extensions with Manifest V3. Nonetheless, the recent instance raises concerns over how Google will manage to keep these extensions off the Play Store in future.