Is this adware disguised as an anti-adware? Not an easy answer. A supposed ad-blocker for PC that has its own extensions for different browsers. Most of them open websites that encourage the user to download a program called Adguard. hxxp:///search/label/adblock%20youtube.hxxp://And there are some others that, after going to some kind of app aggregator, redirect to the real AdBlock.URLS to go to are being changed all the time. .addListener: Means that, when it is launched, this webpage is opened in Chrome.: Means that, once the app is installed, this webpage will be opened in Chrome.Internally, the only thing these apps do is this:įake AdBlockPlus code (in background.js file) Even more, they should be real extensions, rather than apps. That is strange and “impossible” if it was a real AdBlock, since these apps should be able at least to read and modify data in the websites you are visiting. Some of the AdBlocks detected from different developers Here are some samples (not all of them appeared at the same time): We have found the same program with little differences under several different developer accounts. Nothing new, except maybe for the platform used.ĭetected fake AdBlocks are very simple typical Chrome apps. Does this mean Chrome Web Store is storing adware/malware directly with these fake apps or extensions? Not at all (they are hosting ad injectors but trying to remove them), but they are allowing developers to upload fake extensions that take advantage of a reputed brand (like AdBlock) to confuse users and get them to download something else. This technique may result quite successful for attackers that want to “spam” their content, programs, adware or anything else. These apps (they are not extensions) are harmless “per se”, since they are just redirectors to some other website where some other programs are offered. Chrome Web Store is hosting fake AdBlocks, one of the most popular extensions for browsers. It is, in a way, a similar situation as when we found fake AdBlocks in Google Play and the recent use of Google Play Books as a platform for spreading adware and malware.
But, what if apps and extensions are just the “way” to convince to install some other software or to visit a webpage? Apps and extensions as a spam technique? This has been happening for a while now with fake “AdBlocks” that leads to some other Russian anti-adware, using the Web Store as a spamming platform. In fact, Google has just removed almost 200 offensive extensions affecting 14 million users. Chrome Web Store has been abused in the past, mainly by ad injectors or general adware.
0 kommentar(er)
