Millions of Chrome Users Have Installed Malware Posing as Ad Blockers (vice.com)

← Back to Stories (view on slashdot.org)

Millions of Chrome Users Have Installed Malware Posing as Ad Blockers (vice.com)

Posted by msmash on Thursday April 19, 2018 @08:40AM from the closer-look dept.

Kaleigh Rogers, writing for Motherboard: Andrey Meshkov, the cofounder of ad-blocker AdGuard, recently got curious about the number of knock-off ad blocking extensions available for Google's popular browser Chrome. These extensions were deliberately styled to look like legitimate, well-known ad blockers, but Meshkov wondered why they existed at all, so he downloaded one and took a look at the code. "Basically I downloaded it and checked what requests the extension was making," Meshkov told me over the phone. "Some strange requests caught my attention."

Meshkov discovered that the AdRemover extension for Chrome -- which had over 10 million users -- had code hidden inside an image that was loaded from the remote command server, giving the extension creator the ability to change its functions without updating. This alone is against Google's policy, and after Meshkov wrote about a few examples on AdGuard's blog, many of which had millions of downloads, Chrome removed the extensions from the store. I reached out to Google, and a spokesperson confirmed that these extensions had been removed.

42 comments

Min score:

Reason:

Sort:

The wise... by Anonymous Coward · 2018-04-19 08:46 · Score: 1

...verify the legitimacy of the source.
The sort of logical mindset that one needs to keep one's self safe on the Internet is not universal. Many people are born without it. They may have other skills that are valuable, but the days in which they could thrive without logical clarity are vanishing into the past.
There will be pain....but ultimately those with keen minds will have enough of a survival advantage over the rest, that natural selection will get us where we need to be.
Eventually.
1. Re:The wise... by Richard+Stalin · 2018-04-19 08:57 · Score: 1
  
  uBlock Origin here.
  
  Keeps the Slashdot Spam in check. (TM)
2. Re:The wise... by mrbester · 2018-04-19 09:01 · Score: 5, Funny
  
  Hallowed are the Ori.
  
  --
  "Wait. Something's happening. It's opening up! My God, it's full of apricots!"
3. Re:The wise... by Anonymous Coward · 2018-04-19 09:07 · Score: 0
  
  Netscape 6.2 is your friend...
  CAP === 'moaned'
4. Re:The wise... by Anonymous Coward · 2018-04-19 09:13 · Score: -1
  
  I for one welcome our new I.T. closet cleaner adblocker overlord.
5. Re:The wise... by Anonymous Coward · 2018-04-19 09:28 · Score: 0
  
  Lynx user here.
  VWORD: choicest
6. Re:The wise... by Anonymous Coward · 2018-04-19 11:21 · Score: 0
  
  ...verify the legitimacy of the source.
  The sort of logical mindset that one needs to keep one's self safe on the Internet is not universal. Many people are born without it.
  Which is exactly why you have an "App Store". Everything submitted must be extensively and carefully vetted by whoever runs the store -- Apple, Google, whatever. Otherwise, there is no point. You might as well just download stuff from random websites.
  But the people running the store don't give two shits. They don't even give one shit.
7. Re:The wise... by Anonymous Coward · 2018-04-19 12:38 · Score: 0
  
  Keeps the Slashdot Spam in check. (TM)
  Does it remove the APK and GNAA posts?
8. Re:The wise... by Anonymous Coward · 2018-04-19 12:46 · Score: -1
  
  MODDOWN! ; creimer youtube spam post again!
  creimer wants you to click on his youtube channel, then click on his stupid amazon affiliate link spam on Youtube. There is nothing of value on creimer youtube channel. Only creimer click-bot goes there.
  
  CREIMER' SUBMISSIONS UPDATE:
  Note also that creimer is trying to regain karma by getting his submissions published as articles on /. so make sure to go to:
  https://slashdot.org/~__aaclcg...
  https://slashdot.org/~IDrinkFa...
  https://slashdot.org/~_sharp'r...
  https://slashdot.org/~crreimer
  https://slashdot.org/~cdreimer
  https://slashdot.org/~criss69
  https://slashdot.org/~Anonymou...
  https://slashdot.org/~FatCashe...
  https://slashdot.org/~ILoveFat...
  https://slashdot.org/~IHateFat...
  https://slashdot.org/~IAteFatC...
  https://slashdot.org/~ITapeFat...
  https://slashdot.org/~IApeFatC...
  https://slashdot.org/~IPrayFat...
  https://slashdot.org/~FatCashe...
  and mod down his submissions as well. The great thing is that you don't even need mod points to mod down a submission, just click on the "minus" icon!
  Yes, believe it or not, creimer owns all the above sock puppet accounts. It is a mystery why Slashdot management tolerates it!
  creimer wrote:
  
  I don't bother with mod points. I'm doing something much more sinister. It took ten story submissions ? I'll have to double check the number ? to move cdreimer's karma from neutral to excellent without ever being exposed to the capricious mods. Mmmmmwwwwahahahahahahaha!
  https://slashdot.org/comments....
  Danger, Will Robinson, Danger! Creimy is posting more than 2 posts a day. Hurry! mod down otherwise /. will go to hell again!
  Note: you can mod down even if already at -1 to lower karma and to prevent lost /. users to accidentally mod up.
  creimer wrote:
  
  All you need to do is find a website with a permissive TOS, say, Slashdot, create a Python script to scrape your own comments, sprinkle Amazon affiliate links in various posts, and then re-post past links whenever possible. Won't be long before you start making "coffee money" each month.
  https://slashdot.org/comments....
  C.D. Reimer is a renowned Slashdot collaborator, as he puts it himself; "Because of the quality of my posts and my article submissions, I'm a highly rated commentator and moderator."
  But does anybody ever wondered what "C.D." stands for? Well, it stands for Creimy Dumpty of course!
  Creimy Dumpty sat on the wall,
  Creimy Dumpty had a great fall.
  All the king's horses
  And all the king's men
  Couldn't put Creimy Dumpty
  Together again.
  Creimy's siblings video and theme song, very realistic, especially the pants, just like Creimy's:
  https://www.youtube.com/watch?...
  With "Vice President Pence Vowing US Astronauts Will Return To the Moon", we are sure they will need miracle workers up there, here is what it would look like. Note that Creimy takes ca
9. Re:The wise... by Calydor · 2018-04-19 17:58 · Score: 1
  
  Purge the ads in holy fire? I can get behind that.
  
  --
  -=This sig has nothing to do with my comment. Move along now=-
2018, people are still dumb by known_coward_69 · 2018-04-19 08:48 · Score: 1

Most of these extensions have nothing but an anonymous internet email behind them and yet people and computer geeks install them and literally give admin access to their computer to strangers
1. Re:2018, people are still dumb by Deathlizard · 2018-04-19 09:07 · Score: 4, Insightful
  
  This has been in my Sig for years now.
  Laws of computer stupidity
  1) 99% of computer users do not know what they are doing.
  2) Computer users do not read.
  3) If a computer user can click on it, they will. If they need to click on it, they won't
  4) You can patch software, but you can't (legally) patch stupid.
  And It will still be relevant decades from now, Especially since I can do a search for adblock plus right now on the chrome web store and pick out 20+ fake apps in 5 seconds.
  
  --
  In Soviet Russia, Trojan exploits YOU!
Irony by ausekilis · 2018-04-19 08:52 · Score: 2

So people get Chrome because its "fast and safe". They trust this company who loves to siphon all the public's data. That same public then wants to avoid the obnoxious advertisements pushed by Google, and get malware... from a site managed by Google.
You'd think Google would get the picture and provide some sort of built-in ad management/protection in Chrome. With millions of downloads it's pretty obvious what people want. So why haven't they done a built-in ad-block?
1. Re:Irony by ShanghaiBill · 2018-04-19 08:59 · Score: 5, Insightful
  
  You'd think Google would get the picture and provide some sort of built-in ad management/protection in Chrome.
  An advertising company blocking competing ads would likely attract plenty of attention from anti-trust authorities.
2. Re:Irony by Anonymous Coward · 2018-04-19 08:59 · Score: 0
  
  Lawsuits. If Chrome blocked other advertisements, they'd get every marginally legal banner ad company filing unfair competition lawsuits for abuse of their share of the browser market.
3. Re:Irony by Anonymous Coward · 2018-04-19 09:00 · Score: 0
  
  Advertisers would flip if Chrome had a built in blocker... (Advertiser) So we're paying you to display ads on websites, then your blocking those ads for the end user... Yeah sign me up... ?
4. Re:Irony by Anonymous Coward · 2018-04-19 09:01 · Score: 0
  
  Because Google's business is serving Ads. Why would they build into their own product the ability to block their own cash-flow?
5. Re:Irony by rudy_wayne · 2018-04-19 11:23 · Score: 1
  
  You'd think Google would get the picture and provide some sort of built-in ad management/protection in Chrome.
  An advertising company blocking competing ads would likely attract plenty of attention from anti-trust authorities.
  Yes.
  But more importantly, Google is NOT a tech company. Google is an advertising company.
6. Re:Irony by Anonymous Coward · 2018-04-19 13:06 · Score: 0
  
  Take it from Chief Google Asshole Shawn Willden, aka Shillden, obnoxious advertisements and malware are definitely Good Things!!!
7. Re:Irony by Anonymous Coward · 2018-04-19 13:45 · Score: 0
  
  Even more ironic is there was recently a story here on slashdot about Chrome running malware scans on people's computers.
google should know better by FudRucker · 2018-04-19 08:56 · Score: 2

they should keep a close eye on all the extensions and plugins and themes and whatever else third party things go in to not only chrome, but also google play store, they should all be audited as they are upload and before allowed downloading by the general public, things like this malicious extension is a BIG BLACK EYE for google and it causes me to lose a little trust in google, if this sort of thing keeps happening i will take a hammer to my phone and tablet and buy a dumb phone that is incapable of getting software from anywhere, and go back to using a browser without any addons because i cant trust them anymore

--
Politics is Treachery, Religion is Brainwashing
1. Re:google should know better by datavirtue · 2018-04-19 09:12 · Score: 1
  
  I have a feeling I'm going to retire to the forrest and run into all you fuckers.
  
  --
  I object to power without constructive purpose. --Spock
2. Re:google should know better by war4peace · 2018-04-19 09:28 · Score: 1
  
  Please don't retire into Forrest Gump. He deserves better!
  
  --
  ...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
3. Re:google should know better by FudRucker · 2018-04-19 09:31 · Score: 1
  
  the forest is full of grouchy old Luddites that hate high tech
  
  --
  Politics is Treachery, Religion is Brainwashing
4. Re:google should know better by Kjella · 2018-04-19 09:32 · Score: 1
  
  they should keep a close eye on all the extensions and plugins and themes and whatever else third party things go in to not only chrome, but also google play store, they should all be audited as they are upload and before allowed downloading by the general public, things like this malicious extension is a BIG BLACK EYE for google
  You think Google has time to audit every line of source code for an application that goes into the app store, even if they could? They have a policy, they look out for gross violations but trojans hide their shit and try not to trigger flags in review processes, to anti-virus, when running in sandboxes etc. so of course crap will get through. I think you have an unrealistic standard that an app store will insulate you from all outside malice. Heck, even in open source somebody can manage to slip in some underhanded bugs if they're subtle enough.
  
  --
  Live today, because you never know what tomorrow brings
5. Re:google should know better by Anonymous Coward · 2018-04-19 09:33 · Score: 0
  
  if this sort of thing keeps happening i will take a hammer to my phone and tablet and buy a dumb phone that is incapable of getting software from anywhere, and go back to using a browser without any addons because i cant trust them anymore
  No you won't because we're addicted to them at this point and you're at a severe disadvantage if you don't have one. The power of having the internet essentially anywhere at any time is invaluable. Instead of making outrageous claims that will never happen we should start looking for real solutions. The ad networks and advertising in general is what needs an overhaul and those are actually somethings we can change.
6. Re:google should know better by Anonymous Coward · 2018-04-19 10:04 · Score: 1
  
  >You think Google has time to audit every line of source code for an application that goes into the app store, even if they could?
  Sure. Google sponsors Project Zero, whose team of security experts find zero days exploits in products that they don't even have the source code for. A number of other "googlers" have discovered vulnerabilities in many non-google products as well https://www.google.com/about/appsecurity/research/. Why not hire some devs to do some testing of extensions that they offering through their store? Google can afford it.
7. Re:google should know better by Anonymous Coward · 2018-04-19 10:42 · Score: 0
  
  Yeah, fuck google. They rape you over for your private info and then throw your almost lifeless carcass to whoever.
8. Re:google should know better by rudy_wayne · 2018-04-19 11:26 · Score: 1
  
  >You think Google has time to audit every line of source code for an application that goes into the app store, even if they could?
  Sure. Google sponsors Project Zero, whose team of security experts find zero days exploits in products that they don't even have the source code for. A number of other "googlers" have discovered vulnerabilities in many non-google products as well https://www.google.com/about/appsecurity/research/. Why not hire some devs to do some testing of extensions that they offering through their store? Google can afford it.
  Exactly.
  Google has the resources. There is ZERO excuse for malware or any mis-behaving programs making it into an official Google-run app sore. Zero Excuses.
9. Re:google should know better by amiga3D · 2018-04-19 13:35 · Score: 1
  
  You install an extension that was provided by a third party. That's a risk you choose to take. If Google has to choose between vetting every extension or getting rid of third party extensions which do you think will happen?
10. Re:google should know better by Anonymous Coward · 2018-04-20 01:49 · Score: 0
  
  So "high tech" = malware in your little pathetic world?
  Piss off, wanker.
Well back do the drawing board FBI by Anonymous Coward · 2018-04-19 09:10 · Score: 0

who do you think did it?
Offending malware removed... by datavirtue · 2018-04-19 09:11 · Score: 1

Nothing to see here, everything is OK now....they removed it from the store.

--
I object to power without constructive purpose. --Spock
1. Re:Offending malware removed... by rudy_wayne · 2018-04-19 11:28 · Score: 1
  
  And I'll bet it was re-uploaded under a slightly different name 5 minutes later.
  "Google -- Because Fuck You, that's why."
ShanghaiBill = fake name massive human fail by Anonymous Coward · 2018-04-19 10:14 · Score: -1

See subject: Your MASSIVE FAIL in this life is you're nothing more than a chattering little do-nothing "ne'er-do-well" online & you know it...
* Is that the best your "phantasyland FAKE NAME" (for your fake lie of a so-called 'life') can manage?
When a FAKE NAME do nothing like YOU does better than I have? Then talk (you're all talk & no action)...
You can't help you're an immature little BUTTHURT no-mind, lol! I blew you away in TONS OF PLACES and easily dust your no-mind bullshit blatherings.
APK
P.S.=> The TRUE PRICE of your UNIDENTIFIABLE FAKE NAME do-nothing selves like you that I can ALWAYS CASH IN ON (lol) is that I can use FACT/TRUTH on them to SHATTER their all TOO fragile delusional egos that they actually know A DAMN THING in computing, lol... apk
APK the spam coward by Anonymous Coward · 2018-04-19 10:29 · Score: -1

Up to your old tricks? You tried these intimidation tactics with me and got no where. Give up and find something productive to do with your life.
ZIP
1. Re:APK the spam coward by Anonymous Coward · 2018-04-20 00:53 · Score: 0
  
  This is what happens every time after APK posts a ton of things that get demolished. Now for a day or so we will see posts like this. He can't help it, much like his antisemitic rants that he also posts but doesn't sign, his belief that he is unduly silenced, or his belief of conspiracy theories. This is just how APK attempts to make up for all of his inadequacies.
uBlock is Open Source by Anonymous Coward · 2018-04-19 15:00 · Score: 0

Also add Privacy Badger from EFF and toggle the First Party Isolation switch. Most closed source software violates your rights.
This just in by Anonymous Coward · 2018-04-19 18:01 · Score: 0

All Google Chrome users have installed malware posing as web browser.
Times change, everything keeps the same by Anonymous Coward · 2018-04-19 19:39 · Score: 0

When people installed hundreds of toolbars on Internet Explorer it was clear that Microsoft was the responsible because Microsoft is evil and IE cancer. Now that the same shit happens with Chrome it's the user's fault because... because Chrome isn't a Microsoft product, obviously!
Reached out? by rizole · 2018-04-19 22:52 · Score: 3, Insightful

This kind of corporate jargon gets right up my nose. She didn't reach out to google, she contacted them. Reached out is such an over emotively laden phrase for "Emailed" or "Phoned" or "Visited reception and was escorted out the building".
Stop using it!
1. Re:Reached out? by Anonymous Coward · 2018-04-20 04:20 · Score: 0
  
  Been hearing this one a lot lately for some reason. "Going forward" is also getting annoying. We seem to have gotten rid of "Synergy", and "Cloudify", but "Price-point" is unfortunately still here as obnoxiously as ever.