Fake ad blockers in the Chrome store had over 20 million installs

Google removed the impostors from the Web Store after AdGuard revealed their existence.

If you can't find that ad blocker you recently installed from the Chrome Web Store, you might want to do some browser spring cleaning. Google has killed five top-ranking ad blockers after AdGuard published a report revealing they're fake extensions with extra code that harvest info on the websites you visit. They apparently send the data they collect to remote servers in order to manipulate Chrome's behavior. "Basically, this is a botnet composed of browsers infected with the fake adblock extensions," AdGuard wrote in its report. "The browser will do whatever the command center server owner orders it to do."

Fake ad blockers have been fooling people since at least 2017 -- last year, 37,000 people installed a fake AdBlock Plus created by what SwiftOnSecurity called a "fraudulent developer who clones popular name and spams keywords." Like that AdBlock Plus impostor, the ones AdGuard discovered also spammed keywords to get to the top of the search results. Their creators simply ripped off legit extensions and added a few lines of malicious code hidden inside benign-looking images -- they didn't even bother thinking of creative names for their fake products.

Apparently, people don't care if an extension's name is something lazy and generic like "AdRemover" and will download it, so long as it's somewhere near the top. According to AdGuard, the fake ad blockers managed to trick over 20 million users into installing them. So, how can you avoid fake extensions going forward? AdGuard says the best way to protect yourself is to check an extension's author and making sure that it's a company you can trust.

[Image credit: AdGuard]