Ad injection campaign used ad-blocking Chrome extension

Cybersecurity company Imperva discovered a new ad injection campaign that tricked people by using an ad blocker extension. The campaign snuck ads and affiliate codes onto websites using the extension for Chrome and Opera browsers.

Chrome and Opera, affected by ad injection campaign

In late 2021, researchers found a script that injected ads on legitimate domains. Attackers were using some rogue domains for this. So, the script was connected to an extension called AllBlock.

So, both Chrome and Opera pulled the extension from their marketplaces following this discovery.

AllBlock is designed to block ads. Thus, it works by identifying all links, usually on search results. But attackers injected a JavaScript code into every tab of an open browser, using it. This identified and sent all the links to a remote server. Then, this server replaced the links with a list of websites. Thus, when a user clicked on one of these, the victim was redirected to a rogue page.

A very effective method

Hohann Sillam and Ron Masas mentioned that the method is very effective. Thus, whenever users access the rogue links, the browser redirects them to an affiliate one. So, using this fraud, the attackers earn money with every registration or other specific action, such a a sale of a product

AllBlock’s code includes multiple techniques to make sure technologists can’t find it. It clears the developer console every 100 milliseconds and excludes major search engines.

According to the Imperva researchers, the AllBlock extension might be part of a larger distribution campaign. So, this may have used other browser extensions to deliver their ad injection campaign. This might be in connection to previous Pbot campaigns, which used overlapping in domain names and IP addresses.

Stay away from the “evolving threat”

Both Johann Sillam and Ron Masas, from Imperva, warn that this kind of attack “is an evolving threat that can impact almost any site.” They believe that hackers use extensions and install adware on the victims’ machines.

But this affects both the websites’ performance and user experience, as webpages become slower. Also, such attacks lead to “loss of customer trust and royalty.” Moreover, it affects companies’ revenues , blocks content and the conversion rates are lower.

In order to keep away any kind of ads, thus also ad injection campaigns, you should use a Windows native ad blocker. This would not load in your browser, so it will stay away from these hackers. One of the best ad blockers is available. Download Ad Guardian Plus now!