Welcome to the

AdGuardian Plus Blog


Ad injection campaign used ad-blocking Chrome extension

Ad injection

Cybersecurity company Imperva discovered a new ad injection campaign that tricked people by using an ad blocker extension. The campaign snuck ads and affiliate codes onto websites using the extension for Chrome and Opera browsers.

Chrome and Opera, affected by ad injection campaign

In late 2021, researchers found a script that injected ads on legitimate domains. Attackers were using some rogue domains for this. So, the script was connected to an extension called AllBlock.

So, both Chrome and Opera pulled the extension from their marketplaces following this discovery.

AllBlock is designed to block ads. Thus, it works by identifying all links, usually on search results. But attackers injected a JavaScript code into every tab of an open browser, using it. This identified and sent all the links to a remote server. Then, this server replaced the links with a list of websites. Thus, when a user clicked on one of these, the victim was redirected to a rogue page.

A very effective method

Hohann Sillam and Ron Masas mentioned that the method is very effective. Thus, whenever users access the rogue links, the browser redirects them to an affiliate one. So, using this fraud, the attackers earn money with every registration or other specific action, such a a sale of a product

AllBlock’s code includes multiple techniques to make sure technologists can’t find it. It clears the developer console every 100 milliseconds and excludes major search engines.

According to the Imperva researchers, the AllBlock extension might be part of a larger distribution campaign. So, this may have used other browser extensions to deliver their ad injection campaign. This might be in connection to previous Pbot campaigns, which used overlapping in domain names and IP addresses.

Stay away from the “evolving threat”

Both Johann Sillam and Ron Masas, from Imperva, warn that this kind of attack “is an evolving threat that can impact almost any site.” They believe that hackers use extensions and install adware on the victims’ machines.

But this affects both the websites’ performance and user experience, as webpages become slower. Also, such attacks lead to “loss of customer trust and royalty.” Moreover, it affects companies’ revenues , blocks content and the conversion rates are lower.

In order to keep away any kind of ads, thus also ad injection campaigns, you should use a Windows native ad blocker. This would not load in your browser, so it will stay away from these hackers. One of the best ad blockers is available. Download Ad Guardian Plus now!

Laurentiu Titei
About author

Laurentiu, a creative content writer, has been producing articles about technology for more than 10 years. He is interested in all the security and internet news and his mainstream media background helps make them readable for all kinds of users. Moreover, he grows the appropriate social media channels for websites.
Related posts

More control over personal data for Play Store users


Ad rates: Facebook advertisers can pursue class action


Ad Monetization: YouTube started streaming free TV shows


Fake ads trigger one more trial for Meta, in Australia

Leave a Reply

Your email address will not be published. Required fields are marked *