A web extension is a small software application that adds a capability or function to a web browser. Web extensions are a double-edged sword. Even though they make your online experience better and increase productivity, they also pose huge threats to both your privacy and security.
Often the most overlooked weak link in the browser security model, extensions sit between the browser application and the Internet. From there they can see the websites you visit and can intercept, modify, and block any requests, depending on the functionality they have been designed for.
Two widely used ad blocker extensions for Google Chrome, posing as the original AdBlock and uBlock Origin extensions on the Chrome Web Store, have been caught stuffing cookies in the web browsers of millions of users to fraudulently generate affiliate income from referral schemes.
Discovered by researchers at AdGuard, the two newly caught Chrome extensions mentioned below were found using the names of two real and very popular ad-blocking extensions in an attempt to trick most users into downloading them.
- AdBlock by AdBlock, Inc — over 800,000 users
- uBlock by Charlie Lee — over 850,000 users
Though these extensions worked as any other ad blocker does, removing ads from the web pages a user visits, the researchers caught them performing “Cookie Stuffing”, an ad fraud scheme, to generate revenue for their developers.
What is Cookie Stuffing Ad Fraud Scheme?
Cookie Stuffing, also known as Cookie Dropping, is one of the most popular types of fraud schemes, in which a website or a browser extension drops handfuls of affiliate cookies into users’ web browsers without their permission or knowledge. These affiliate tracking cookies then keep track of users’ browsing activities and, if the users make online purchases, the cookie stuffers claim commissions for sales they actually had no part in making, potentially stealing credit that belongs to someone else.
After being installed for around 55 hours, the two ad-blocking extensions discovered by the researchers were found sending a request to a URL for each new domain users visited, in an attempt to receive affiliate links for the sites users visited. The two extensions, with 1.6 million active users, were stuffing cookies from 300 websites in the Alexa Top 10000 most popular websites, including TeamViewer, Microsoft, LinkedIn, AliExpress, and Booking.com, potentially making millions of dollars a month for their developers, according to the researchers.
However, the silver lining is that now that this fraud scheme is exposed, affiliate programs’ owners can trace the money trail and identify the mastermind.
Google Removed Both Ad Blocker Extensions from Chrome Web Store
Despite receiving multiple reports about how these extensions were deceiving users by using the names of other, more popular extensions, Google did not remove them from the Chrome Web Store, as Google policy does allow multiple extensions to have the same name. However, after AdGuard researchers reported their findings on the malicious behavior of the two extensions, the tech giant removed both malicious extensions from the Chrome Web Store.
Since a browser extension takes permission to access all the web pages you visit, it can do practically anything, including stealing your online account passwords. So, you are always advised to install as few extensions as possible and only from companies you trust.
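To see how much access an installed extension actually holds, its manifest.json can be audited for all-site host patterns combined with cookie or request APIs. The sketch below is an added example, not code from AdGuard or from the extensions described here; the sample manifests and extension names are constructed.

```python
import json

# Match patterns that grant an extension access to every site the user visits.
BROAD_PATTERNS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# API permissions that let an extension observe navigation or write cookies.
SENSITIVE_APIS = {"cookies", "webRequest", "webRequestBlocking",
                  "tabs", "webNavigation"}


def audit_manifest(manifest: dict) -> dict:
    """Return the all-site host access and sensitive APIs a manifest requests."""
    declared = []
    # MV2 mixes host patterns into "permissions"; MV3 uses "host_permissions".
    for key in ("permissions", "optional_permissions",
                "host_permissions", "optional_host_permissions"):
        declared += [p for p in manifest.get(key, []) if isinstance(p, str)]
    # Content scripts get page access through their own "matches" list.
    for script in manifest.get("content_scripts", []):
        declared += script.get("matches", [])
    broad = sorted(set(declared) & BROAD_PATTERNS)
    apis = sorted(set(declared) & SENSITIVE_APIS)
    return {
        "name": manifest.get("name", "?"),
        "broad_hosts": broad,
        "sensitive_apis": apis,
        # All-site access combined with cookie or request APIs deserves review.
        "review": bool(broad) and bool(apis),
    }


# Constructed sample manifests (not taken from any real extension).
SAMPLES = [
    json.loads('{"name": "Sample Blocker", "manifest_version": 2,'
               ' "permissions": ["<all_urls>", "cookies", "webRequest", "storage"]}'),
    json.loads('{"name": "Sample Notes", "manifest_version": 3,'
               ' "permissions": ["storage"],'
               ' "host_permissions": ["https://notes.example/*"]}'),
    json.loads('{"name": "Sample Reader", "manifest_version": 3,'
               ' "permissions": ["tabs"],'
               ' "content_scripts": [{"matches": ["*://*/*"], "js": ["r.js"]}]}'),
]


def audit_all(manifests):
    return [audit_manifest(m) for m in manifests]


if __name__ == "__main__":
    for row in audit_all(SAMPLES):
        print(row)
```

A genuine ad blocker requests the same broad access, so a `review` flag shows how far an extension can reach, not that it is malicious; the publisher and extension ID still have to be checked separately.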
Before installing any extension or an app on your mobile phone, always ask yourself—Do I Really Need It?