Google Removes Over 500 Extensions From Chrome Web Store Over Ad Fraud

The malicious extensions were a part of a large network whose activities date back to early 2010s.

Advertisement
By Nadeem Sarwar | Updated: 14 February 2020 16:29 IST
Highlights
  • The malicious Chrome extensions claimed to offer advertising services
  • Malicious actors obfuscated the inherent advertising mechanism
  • Over 1.7 million users were affected by just 70 of these extensions
Google Removes Over 500 Extensions From Chrome Web Store Over Ad Fraud

The fraudulent Chrome extensions involved redirect cycles to generate ad revenue

Google has removed over 500 malicious extensions from the Chrome Web Store over ad fraud. The extensions were found to be a part of a large fraudulent advertising network that injected adware into browsers and pulled browsing data while trapping users with redirect cycles. In some cases, the ads redirected users to websites belonging to big names like Dell and Best Buy, but a majority of them took users to sites that risk malware downloading and phishing. The volume of redirects was also high, which further multiplied the risk posed by these extensions.

The discovery of these shady extensions was made public in a research conducted by independent security researcher Jamila Kaya (@bumblebreaches) and information security expert Jacob Rickerd (@crxpert), and was later published on Cisco-owned Duo. Once the malicious behaviour of these extensions was reported to Google, the company conducted a sweep across the Chrome Web Store and removed more than 500 related extensions.

“We do regular sweeps to find extensions using similar techniques, code, and behaviors, and take down those extensions if they violate our policies”, a Google spokesperson was quoted as saying by Duo.

As per the report, the now-removed Chrome extensions were presented as products that could offer advertising services. But they were found to be a part of a large network comprising of copycat plugins. The research found 70 of these extensions affecting around 1.7 million users, which means the net scale was much larger if there were over 500 such extensions involved in ad fraud.

The malicious Chrome extensions were reportedly created to hide the underlying ad mechanism from users. This made it easier to connect them to a command and control architecture so that browser data can be exfiltrated. During the research, it was found that the extension fraud network has been running for the past couple of years, but their activity potentially dates back to early 2010s. The malicious activity of these Chrome extensions mainly involved ad fraud through a stream of redirects.

Some of the redirects led users to seemingly harmless pages belonging to Dell, Macy's, and Best Buy among others. However, these redirecting streams were mainly used to make users reach a phishing-prone webpage and sites where malware could be downloaded. Bad actors used these extensions to cycle through redirect streams in order to generate ad revenue, and in some cases, these redirects passed well over 30 times.

 

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Advertisement

Related Stories

Popular Mobile Brands
  1. Vivo Y400 5G: Everything You Need to Know Ahead of India Launch
  2. Gold Defies Physics: Remains Solid at 14x Its Melting Point in Superheating Experiment
  1. Gold Defies Physics: Remains Solid at 14x Its Melting Point in Superheating Experiment
  2. New Inelastic Dark Matter Model Could Bypass Current Limits of Particle Detection
  3. Massive 200-Light-Year Cloud May Be Channeling Matter to the Milky Way's Core
  4. Supergiant Star Wd1-9 Investigated: Know Everything about New Findings and Insights from Supergiant Star
  5. Australia’s First Orbital Rocket Eris Fails at Historic Launch
  6. Battle of Culiacan: Heirs of the Carte Now Streaming on JioHotstar
  7. New World Record Alert: Weather Satellite Records Longest Lightning Flash of 515 Miles
  8. New Rogue Planet Discovered in Hubble Data Using Einstein’s Gravity Theory
  9. Brightest Gamma-Ray Burst Ever Observed Reveals Cosmic Secrets
  10. Microsoft Reaches $4 Trillion Valuation After Solid Results
Gadgets 360 is available in
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2025. All rights reserved.