Google Chrome: Fake Ad Blockers Installed by 20 Million Users—How to Check If You Were Affected

Ad blocking tools are installed by hundreds of millions of internet users to fend off intrusive marketing, stay secure and prevent unwanted disruptions. But experts warned this week that fake “clones” were recently able to sneak past Google’s security, putting more than 20 million Chrome users at risk of hacking.

The victims were duped into downloading the fraudulent software after it was hosted on the Chrome Web Store, according to research published on Tuesday by AdGuard. The booby-trapped ad blockers were seemingly able to rise to the top of the search results via keywords embedded into the uploads, it found.

In total, there were five suspicious applications flagged to Google: AdRemover for Google Chrome (10 million users), uBlock Plus (8 million users), Adblock Pro (2 million users), HD for YouTube (400,000 users) and Webutation (30 million users). The software reported by AdGuard has now been removed.

Researchers who analyzed the AdRemover tool concluded that the code inside the app could be used to leak "information about some of the websites you visit."

Once downloaded, hackers could also exploit it to force a victim’s Chrome browser to “do whatever the command center server owner orders it to do.” It was described as a "botnet of browsers" infected with the fake extensions.

“Surfing through the Chrome's Web Store is like walking through a minefield,” AdGuard wrote in its analysis. “If you want to install an extension, think twice. And then think twice again. Check who is the author of this extension. Do not install it if you don't trust the author. Please note, that at some point the extension can be sold to someone else, and who knows what it will become.”


Anyone who needs to check if they are infected should make sure they are not using any of the named ad blocking apps. If any of them are installed, they should be deleted immediately.

It is not the first time that infected code has slipped past the technology giant’s defenses. In October last year, Google was forced to purge a fake Adblock extension that was discovered to have been downloaded by at least 37,000 people. While this case targeted Chrome users, Google’s Play Store is also frequently targeted by hackers aiming to spread Android banking malware and trojans.

Google did not respond to a request for comment.

“Different companies have different approaches to how third parties can add content to their stores and each has its pros and cons,” Lee Munson, a security researcher for Comparitech, told Newsweek on Thursday. “While Apple may frustrate with the time it takes for manual approval to be received, Google takes a different approach with a more automated checking process, after the fact.

“The dangers of this approach are obvious, as seen with fake ad blockers that zombify devices into a botnet,” Munson continued. “I imagine the only way Google can improve this situation is to take a proactive rather than reactive stance on spotting fake extensions. This is likely to take both time and money; it will be interesting to see if this is a cost worth bearing in order to protect its users.”
