Malicious Ad Blocker Extensions Caught Cookie Stuffing
A web extension is a small software application that adds functionality to a web browser. While they can increase productivity, they also pose significant privacy and security threats, often acting as the weakest link in browser security.
Recently, two widely used ad-blocker extensions on the Google Chrome Web Store, posing as the originals, were caught fraudulently stuffing cookies in users' browsers to generate affiliate income.
Fake Ad Blockers with over 1.6M Users
Discovered by researchers at Adguard, these two extensions used the names of popular, legitimate ad-blockers to trick users:
- AdBlock by AdBlock, Inc — over 800,000 users
- uBlock by Charlie Lee — over 850,000 users
While the extensions did block ads, they were also caught performing "Cookie Stuffing" to generate revenue for their developers.
What is Cookie Stuffing?
Cookie Stuffing, or Cookie Dropping, is a fraud scheme where a site or extension drops affiliate cookies into a user's browser without their knowledge. These cookies track Browse, and if a purchase is made, the cookie stuffer fraudulently claims a commission.
The two extensions sent requests for each new domain a user visited (after a 55-hour delay), stuffing cookies from over 300 popular websites like Microsoft, LinkedIn, and Booking.com.
Google Removes Both Malicious Extensions
After AdGuard reported the malicious behavior, Google removed both extensions from the Chrome Web Store.
Since browser extensions can access all the web pages you visit, they can do practically anything. You are always advised to install as few extensions as possible and only from companies you trust.
Before installing any extension or an app, always ask yourself—Do I Really Need It?
