Malicious Ad Blockers caught in “cookie stuffing”

Ads are a common nuisance we come across while surfing the web and the only solution to these nasty little pop-ups are ad blockers. With the advancement of technology, ad blockers are now available as apps on mobile phones but we have to be wary of them as well. 

Google found that two ad blockers on its Chrome Web Store – ‘AdBlock’ and ‘uBlock’ – were engaging in ad fraud. They were impersonating legitimate and very popular browser extensions to carry out cookie stuffing. It was discovered by Andrey Meshkov, co-founder and CTO of AdGuard. 

Now, what is Cookie Stuffing?

It is a technique in which extra information is added to a user’s cookie with the help of a browser extension to make it appear as though an ad has been clicked by more people than the actual count. This is done to increase the amount of money the company earns by pay-per-click. Websites stuffed with cookies then becomes a goldmine for cyber criminals, including Microsoft.com and Linkedin.com.

However, it is not easy for users to differentiate between fraudulent and legitimate ad blockers. For example, in the case of ‘AdBlock’ and ‘uBlock’, both have been titled very similarly to the existing AdBlock by getadblock and uBlock by uBlock.org or uBlock Origin by Raymond Hill, respectively and hence, are easily mistaken for the latter. Moreover, the fake ad blockers do block out ads fairly decently so it becomes even harder to see the malicious intent behind it. 

It was seen that they only start acting 55 hours after installing them by sending out a request to urldata.net for every new domain the user visited. The extensions then received the affiliate links for these sites and if the user made a purchase on that site, the criminal behind the extension would be paid a commission from the sites. 

This is not the first time this type of activity has been caught – two years ago, Google found malicious Chrome extensions from the store that were attempting to spoof AdBlock Plus. It is a crime that is spreading due to its low risk factor of being discovered. The above two extensions themselves had more than 1.6 million active users per week. This would mean millions of USD were being stolen on a monthly basis. 

It has become a huge cause for concern, however, the silver lining is that there is potential to be prosecuted for such ad fraud. In 2014, Brian Dunning, a former eBay affiliate marketer, was jailed in federal prison for 15 months due to a 35 million dollar cookie-stuffing scam. This means that we are that much closer to finding who is behind this scheme and ending it once and for all.

Don't miss these stories