Malicious developers pretend to be AdBlock/uBlock extensions to hijack users after installation

AdBlock and uBlock are well-known ad-blocking browser extensions, and the genuine extensions are safe to use. However, malicious developers have submitted ad-blocking extensions under the same names and use them to tamper with important data in the user’s browser. Because the names are identical, the malicious versions are easy to come across when searching the Google Chrome store, which puts user account security at risk.

To be honest, both ordinary and professional users have a high probability of being tricked, because these malicious extensions are confusing in both name and profile. For example, the fake AdBlock extension lists its developer as AdBlock Inc. and shows 378 reviews with a rating of 4.5 stars. The fake uBlock extension is billed as the No. 1 Adblock Tool for Google Chrome, with 1,272 reviews and a rating of 5 stars.


Once installed, these fake extensions do block ads. However, the fake extension also connects to the developer’s server at intervals to request resources, and the downloaded content is mainly cookie files for some ad networks. These developers could also directly steal cookies for the user’s other accounts. With those cookies, attackers can log in to the user’s account without the account password.

The problem was discovered by researchers at AdGuard, the well-known ad-blocking software. After the researchers reported the issue to Google, the company confirmed it and removed the extension. According to AdGuard statistics, the fake version of AdBlock has been downloaded and installed by 800,000 users, and the fake version of uBlock by 850,000 users.