Caught Red-Handed: How a Known Ad Injector Keeps Popping Up
December 10, 2019
by Shir Averbuch
If you are already familiar with the problem of Customer Journey Hijacking, then you likely realize what an expensive nuisance ad-injecting malware can be for retailers. And if you have read any of our success stories, then you have seen real examples of the ways CJH affects these retailers.
But how do injected ads affect end users? And what does ad-injecting malware look like to these prospective customers?
To answer those questions, in this post we will explore just one of the many pieces of ad-injecting malware that are blocked by Namogoo’s Customer Hijacking Prevention (CHP) solution on behalf of our clients. (In other words, while many retailers’ customers may be stolen away by this malware, the companies we work with can be confident that it will not manage to display unauthorized ads to the shoppers in their online stores.)
The malware we will look at is a group of malicious browser extensions that were previously available in Google’s official Chrome Web Store. For our purposes, we singled out Smart Display, since it had the most downloads. Smart Display’s description claimed that it would automatically identify a user’s interests and then recommend products accordingly.
In reality, we identified two things the malware would do within end users’ browsers:
- Display ads for irrelevant products, which when clicked would redirect users to suspicious websites (as in the top right corner of the image below)
- Use a clickjacking scheme in which a user who clicked anywhere on the page (whether on the injected ad or not) would automatically be redirected to an external website.
How did this malware spread?
Smart Display became widely used when it was available for download from the Chrome Web Store. In total, it was installed directly from the store more than 100,000 times. In addition, it may have spread outside of the Chrome Web Store, infecting the digital devices of users who had not downloaded it intentionally.
After Google realized that this was not a legitimate browser extension, the ad-injecting malware was removed from the Chrome Web Store.
Unfortunately, that’s not the end of the story. Because Smart Display was installed on so many users’ digital devices before its removal, we see that it is still active during many online shopping sessions.
While we at Namogoo make sure that the retailers we work with don’t need to worry about their customers viewing ads injected by this malware, our Customer Hijacking Prevention solution also keeps track of how often this malware tries to display injected ads. Over the course of a recent month, we found that our technology prevented Smart Display from injecting ads during more than 100,000 sessions in which consumers shopped on our clients’ websites.
What does this example show us about Customer Journey Hijacking?
While this is just one instance of ad-injecting malware disrupting the customer journey, it can show us a few important points about Customer Journey Hijacking in general.
First, CJH is a powerful client-side threat to businesses, using unauthorized ads and other injected content to steal shoppers away from one website to another. In this particular case, we see that Smart Display used both suspicious product recommendations (through injected ads) and outright clickjacking to disrupt the customer journey. More generally, we at Namogoo see that Customer Journey Hijacking reduces affected retailers’ overall conversion rates by between 2% and 5%, resulting in a decrease of between 5% and 7% in their revenue per visitor.
Second, this example shows how difficult it can be to eliminate CJH. Although Smart Display has been banished from the Chrome Web Store, it continues to target shoppers. More generally, although retailers may be the ones most negatively impacted by CJH, they cannot solve the problem themselves through conventional cybersecurity solutions or server-side technology.
And third, the story of Smart Display shows us how effective an AI-powered, client-side approach to stopping CJH can be. In this case, the most obvious evidence of that effectiveness is the fact that Namogoo prevented more than 100,000 of Smart Display’s attempts to inject unauthorized ads in just one month. More generally, we see that our technology enables businesses to achieve a 90% reduction in the revenue being lost to CJH.
In short, while ad-injecting malware can be remarkably effective at disrupting the customer journey (even after it is discovered by online giants like Google), the right client-side technology can keep its ads off of your prospective customers’ screens.
How prevalent is Customer Journey Hijacking within your online store? To see how ad-injecting malware is impacting your prospective customers, you can get a free website analysis.