Malicious Ad Blockers caught in “cookie stuffing”

Ads are a common nuisance we come across while surfing the web, and the only solution to these nasty little pop-ups is an ad blocker. With the advancement of technology, ad blockers are now available as apps on mobile phones, but we have to be wary of them.

Google found that two ad blockers on its Chrome Web Store, ‘AdBlock’ and ‘uBlock’, were engaging in ad fraud. They were impersonating legitimate and very popular browser extensions to carry out cookie stuffing. The fraud was discovered by Andrey Meshkov, co-founder and CTO of AdGuard.

Now, what is Cookie Stuffing?

It is a technique in which a browser extension adds extra information to a user’s cookie to make it appear as though more people than the actual count have clicked an ad. This is done to increase the amount of money the company earns through pay-per-click. Websites stuffed with cookies, including Microsoft.com and Linkedin.com, then become a goldmine for cybercriminals.

However, it is not easy for users to differentiate between fraudulent and legitimate ad blockers. For example, ‘AdBlock’ and ‘uBlock’ are titled very similarly to the existing AdBlock by getadblock and to uBlock by uBlock.org or uBlock Origin by Raymond Hill, respectively, and hence are easily mistaken for them. Moreover, the fake ad blockers block out ads fairly decently, so it becomes even harder to see the malicious intent behind them.

The extensions were seen to start acting only 55 hours after installation, sending out a request to urldata.net for every new domain the user visited. The extensions then received the affiliate links for these sites, and if the user made a purchase, the criminal behind the extension would be paid a commission.
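As an added example (not code from the extensions or from the original article), the following Python code shows how a defender could look for this pattern in proxy or DNS logs: a host that is contacted right after each first visit to a new domain and almost never otherwise. The log format, the thresholds, the function name and every host except urldata.net are assumptions made for the illustration.

```python
from collections import defaultdict

# Constructed sample proxy log: (epoch seconds, client IP, requested host).
# Only urldata.net comes from the article; all other values are made up.
SAMPLE_LOG = [
    (100, "10.0.0.5", "shop.example"), (101, "10.0.0.5", "urldata.net"),
    (102, "10.0.0.5", "stats.example"),
    (200, "10.0.0.5", "news.example"), (201, "10.0.0.5", "urldata.net"),
    (202, "10.0.0.5", "stats.example"),
    (300, "10.0.0.5", "shop.example"), (302, "10.0.0.5", "stats.example"),
    (400, "10.0.0.5", "travel.example"), (401, "10.0.0.5", "urldata.net"),
    (402, "10.0.0.5", "stats.example"),
    (500, "10.0.0.5", "news.example"), (502, "10.0.0.5", "stats.example"),
    (600, "10.0.0.5", "bank.example"), (601, "10.0.0.5", "urldata.net"),
    (602, "10.0.0.5", "stats.example"),
]

def find_new_domain_beacons(log, window=5, min_new=3, threshold=0.75):
    """Return {(client, host): (coverage, exclusivity)} for hosts contacted
    within `window` seconds of first visits to new domains and rarely otherwise."""
    per_client = defaultdict(list)
    for ts, client, host in sorted(log):
        per_client[client].append((ts, host))
    findings = {}
    for client, events in per_client.items():
        first_seen = {}               # host -> time of the client's first request
        requests = defaultdict(list)  # host -> times of all requests
        for ts, host in events:
            first_seen.setdefault(host, ts)
            requests[host].append(ts)
        for host, times in requests.items():
            # First visits to every other host are the "new domain" events.
            new_times = [t for h, t in first_seen.items() if h != host]
            if len(new_times) < min_new:
                continue
            covered = sum(any(0 <= r - t <= window for r in times) for t in new_times)
            exclusive = sum(any(0 <= r - t <= window for t in new_times) for r in times)
            coverage = covered / len(new_times)   # new domains followed by this host
            exclusivity = exclusive / len(times)  # its requests tied to a new domain
            if coverage >= threshold and exclusivity >= threshold:
                findings[(client, host)] = (round(coverage, 2), round(exclusivity, 2))
    return findings

if __name__ == "__main__":
    for (client, host), scores in find_new_domain_beacons(SAMPLE_LOG).items():
        print(client, host, scores)
```

In the constructed log, stats.example accompanies every page load, including repeat visits, so its exclusivity stays below the threshold and it is not reported. A reported host is a lead for triage: map it back to the extension that issues the requests before acting on it.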

This is not the first time this type of activity has been caught. Two years ago, Google found malicious Chrome extensions from the store attempting to spoof AdBlock Plus. It is a crime that is spreading because of its low risk of being discovered. The above two extensions themselves had more than 1.6 million active users per week. This would mean millions of USD were being stolen every month.

It has become a massive cause for concern. However, the silver lining is that there is potential to be prosecuted for such ad fraud. In 2014, Brian Dunning, a former eBay affiliate marketer, was jailed in federal prison for 15 months due to a 35 million dollar cookie-stuffing scam. This means that we are that much closer to finding who is behind this scheme and ending it once and for all.
