Why Fake AdBlockers Are Another Warning Sign For Online Businesses

Ohad Greenshpan
June 14, 2018

When looking back at the recent wave of consumers who were duped into downloading fake and malicious ad blockers, it may be easy for more tech-savvy professionals to assume that the prevalence of users falling prey to various kinds of fraudulent software is relatively insignificant – a drop in the bucket.

After all, it’s already well known within the industry that many free browser extensions regularly inject malware and spyware-driven advertising into the browsing experience in exchange for practical browser enhancements. In recent months, it’s also become evident that end-user devices are being exploited and turned into crypto-mining terminals.

But with over 20 million users recently discovered to have downloaded fake ad-blocking extensions, that drop in the bucket seems much closer to a tsunami of infected user browsers.

In truth, it’s not hard to understand why these particular malicious browser extensions were so effective, impacting users who were in fact trying to protect themselves. The hackers behind these fake ad blockers have homed in on user fear and capitalized on it – and have smartly targeted users where they least expect it.

Fish in a Barrel for Poorly Vetted Ad Blocker Imposters

Understandably, hundreds of millions of users turned to these fake ad blockers in the first place because they were seeking security from disruptive ads when they browse online. But just because ‘it looks like an ad blocker’ doesn’t mean it actually is one – these extensions were simply cleverly disguised clones of legitimate ad blockers embedded with malicious code, and given legitimate names, such as ‘AdRemover for Google Chrome™’, which was installed by over 10 million users.

The deceptive nature of this kind of exploit was wildly successful – for the hackers, that is.

The five most downloaded fake adblock extensions netted over 20 million installs in Google’s Chrome store.

Consumer-Side Injections An Expensive Problem For eCommerce Businesses

Once downloaded, the extensions execute commands sent by a remote server from within the extension’s background page. From there, they gain access to all of the web pages a user visits and can inject them with unauthorized content – and that can quickly turn what appears to be a problem for consumers into a rather costly one for online businesses.

Invasive content includes Customer Journey Hijacking, where unauthorized ads disrupt a significant chunk – 15-25% of all web sessions – of an eCommerce site’s visitors and divert them to competing promotions, losing businesses substantial revenue and compromising brand reputation.

Collectively, these malicious extensions form a massive network of infected browsers that let hackers track all of the websites a user visits as well as alter browser behavior.
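One way a site owner can spot the injected content described above, shown as an added example that is not from the original article: a page-side check that compares elements added after load against an allowlist of hosts the site actually uses. The host names, the allowlist and the sample nodes are constructed assumptions.

```javascript
// Constructed allowlist: hosts this hypothetical shop legitimately loads from.
// Third parties the site adds itself (analytics, payments) must be listed too.
const ALLOWED_HOSTS = new Set(['shop.example', 'cdn.shop.example']);
const WATCHED_TAGS = new Set(['SCRIPT', 'IFRAME', 'IMG', 'A', 'LINK']);

// Host an element points at; null when it carries no src/href at all.
function targetHost(el, pageOrigin) {
  const raw = el.src || el.href;
  if (!raw) return null;
  try {
    return new URL(raw, pageOrigin).hostname; // relative URLs resolve to the page
  } catch (_) {
    return '(unparseable)';
  }
}

// Report added nodes whose target is not on the allowlist.
function findUnauthorized(addedNodes, pageOrigin, allowed = ALLOWED_HOSTS) {
  const findings = [];
  for (const el of addedNodes) {
    const tag = String(el.tagName).toUpperCase();
    if (!WATCHED_TAGS.has(tag)) continue; // text nodes, DIVs, etc.
    const host = targetHost(el, pageOrigin);
    if (host === null || allowed.has(host)) continue;
    findings.push({ tag, host });
  }
  return findings;
}

// Constructed sample: nodes as a MutationObserver might report them.
const SAMPLE = [
  { tagName: 'IMG', src: '/img/shoe.png' },
  { tagName: 'SCRIPT', src: 'https://cdn.shop.example/app.js' },
  { tagName: 'IFRAME', src: 'https://ads.injected.example/offer' },
  { tagName: 'A', href: 'https://rival-deals.example/?ref=shop' },
  { tagName: 'DIV' },
];

// Browser wiring (skipped under Node): watch the DOM, including nested nodes.
if (typeof MutationObserver !== 'undefined') {
  new MutationObserver((records) => {
    const added = records.flatMap((r) => Array.from(r.addedNodes))
      .flatMap((n) => (n.querySelectorAll ? [n, ...n.querySelectorAll('*')] : [n]));
    const hits = findUnauthorized(added, location.origin);
    if (hits.length) console.warn('unauthorized injected content', hits);
  }).observe(document.documentElement, { childList: true, subtree: true });
}
```

Run over the constructed sample, the check reports the injected iframe and the off-site link and ignores the site's own image and script.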

While Google has since removed the particular malicious ad blockers from its web store, preventing such tactics by bad actors in the future will require improved vetting processes on its part. The fake extensions flooded their descriptions within the store with keyword spam to get ranked at the top of user searches for ‘adblocker’. They also added bogus reviews and testimonials from fabricated media sites that they correctly assumed almost no one would actually check out.

If you’re a typical consumer downloading an ad blocker from the Chrome web store, you may at most skim the extension description and glance at a couple of these reviews. Then you’d install the ad blocker and think, “problem solved”. Put all of these bells and whistles together and they make for a pretty crafty move by these malicious opportunists.

Make Sure Hijacked Browsers Don’t Hijack Your Customers

One thing is certain – you can expect hackers to continue capitalizing on any opportunities they can uncover on the consumer side, be it stealing personal data, mining for cryptocurrency, or skimming customers and online revenue away via injected ads.

Gaining better intelligence on how infected end-user browsers compromise the experience for your target customers has become critical to ensuring they actually receive the site experience your organization invests so heavily in creating.

Turning to disruptive digital commerce innovations that can detect and block malicious activity running on the user side will help prevent growing and evolving consumer-facing threats from distorting their experience on your site and luring them away.