A cybersecurity researcher has caught five different Google Chrome ad-blockers with leech scripts meant to harvest personal data. The data includes credit card information, usernames, passwords, and other sensitive credentials.
Ads are annoying, and most of us have some sort of ad-blocker installed in our browsers. If you used one of the ad-blockers mentioned below, it's highly probable that your personal information has been stolen.
Chrome’s web store is full of extensions that leech user data and plant malware on devices to damage system resources. Moreover, these extensions are able to monitor each browsing session and keep track of the websites you visit, including your passwords.
Over 20 Million Users
AdGuard’s Andrey Meshkov made this discovery, finding five ad-blockers with malicious lines of code inside them. These ad-blockers copied the names and keywords of popular ad-blocking extensions in order to appear in search results. The extensions were being used by over 20 million users before Google removed them.
Here are the malicious and dangerous extensions:
- uBlock Plus
- HD for YouTube
- AdRemover for Google Chrome
- Adblock Pro
AdRemover for Google Chrome had over 10 million users, uBlock Plus had 8 million, and Adblock Pro had more than 2 million. All of the aforementioned extensions mined user data and have been removed from Chrome’s web store for now.
How They Worked
Apparently, these extensions sent user data back to a remote server in each browsing session. The remote server in turn sent commands to the extension running in the user’s browser, which let it control the extension and monitor user data. Meshkov says:
These commands are scripts which are then executed in the privileged context (extension’s background page) and can change your browser behavior in any way.
Basically, this is a botnet composed of browsers infected with the fake Adblock extensions. The browser will do whatever the command center server owner orders it to do.
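For defenders reviewing installed extensions, the capability Meshkov describes (server-supplied script running in the background page) can be triaged from the manifest alone. The following is an added example, not code from the article or from AdGuard: a heuristic that flags manifests combining a background context, access to all sites, and a content security policy that permits dynamic or remote script. The function name, finding labels and sample manifests are constructed for illustration, and a "low" result does not prove an extension is clean.

```javascript
// Added example: heuristic triage of a Chrome extension manifest.
const BROAD_HOSTS = new Set(['<all_urls>', '*://*/*', 'http://*/*', 'https://*/*']);

// Return the script-src (or default-src fallback) source list of a CSP string.
function scriptSources(csp) {
  const directives = {};
  for (const part of String(csp || '').split(';')) {
    const [name, ...values] = part.trim().split(/\s+/);
    if (name) directives[name.toLowerCase()] = values;
  }
  return directives['script-src'] || directives['default-src'] || [];
}

function auditManifest(manifest) {
  const findings = [];
  const bg = manifest.background || {};
  const hasBackground = Boolean(bg.page || bg.service_worker || (bg.scripts && bg.scripts.length));
  if (hasBackground) findings.push('background-context');

  // MV2 mixes host patterns into "permissions"; MV3 uses "host_permissions".
  const perms = [...(manifest.permissions || []), ...(manifest.host_permissions || [])];
  const broadHosts = perms.some((p) => BROAD_HOSTS.has(p));
  if (broadHosts) findings.push('all-sites-access');

  // MV2: CSP is a string. MV3: an object keyed by "extension_pages".
  const rawCsp = manifest.content_security_policy;
  const csp = typeof rawCsp === 'string' ? rawCsp : (rawCsp || {}).extension_pages;
  const sources = scriptSources(csp);
  const allowsEval = sources.includes("'unsafe-eval'");
  const remoteScript = sources.some((s) => /^https?:/i.test(s));
  if (allowsEval) findings.push('csp-unsafe-eval');
  if (remoteScript) findings.push('csp-remote-script');

  // High risk: privileged page + every site + ability to run code it did not ship with.
  const dynamicCode = allowsEval || remoteScript;
  const risk = hasBackground && broadHosts && dynamicCode ? 'high'
    : findings.length > 1 ? 'review' : 'low';
  return { risk, findings };
}

// Constructed sample manifests (not taken from any real extension).
const SAMPLE_RISKY = {
  manifest_version: 2, background: { scripts: ['bg.js'] },
  permissions: ['tabs', 'webRequest', '<all_urls>'],
  content_security_policy: "script-src 'self' 'unsafe-eval'; object-src 'self'",
};
const SAMPLE_PLAIN = {
  manifest_version: 3, background: { service_worker: 'sw.js' },
  permissions: ['storage'], host_permissions: ['https://example.com/*'],
};
console.log(auditManifest(SAMPLE_RISKY), auditManifest(SAMPLE_PLAIN));
```

Extensions flagged "high" or "review" still need their background scripts read by hand, since the manifest only shows what the extension is permitted to do.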