[TheRecord] Ad-blocker caught injecting ads in search results

Cyber-security firm Imperva said it discovered a malicious browser extension named AllBlock, available for both the Chrome and Opera browsers, that has been injecting ads and referral affiliate codes inside search results.

The discovery took place in August this year when Imperva researchers said they identified a domain that was hosting a malicious script that contained ad injection capabilities.

A subsequent investigation linked the script to infrastructure used by the AllBlock ad-blocker extension, Imperva researchers Johann Sillam and Ron Masas said in a report published yesterday.

According to their findings, the extension's malicious behavior worked as follows:

- Once users installed the extension, AllBlock would inject code into every new tab.
- The code would block legitimate ads, but it would also collect a list of URLs present on the page.
- The list would be sent to a remote server, which would reply with a list of links that needed to be replaced or injected into the page, usually inside search engine results.
- The links typically contained affiliate codes that allowed scammers to earn profits on new user registrations or product purchases.
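A defender can surface this kind of link rewriting by capturing the anchor hrefs of the same search-results page in a clean browser profile and in the profile under test, then diffing the two lists. The following is an added example, not code from Imperva's report or from the extension; the domains and the `aff` parameter name are constructed for illustration.

```javascript
// Constructed sample data: hrefs of one search-results page, captured from a
// clean profile (BASELINE) and from the profile with the extension (OBSERVED).
const BASELINE = [
  'https://shop.example/product/42',
  'https://news.example/story?id=7',
  'https://travel.example/hotels',
];
const OBSERVED = [
  'https://shop.example/product/42?aff=constructed-123',
  'https://news.example/story?id=7',
  'https://tracker.example/r?to=travel.example%2Fhotels',
];

// Two links are "the same result" if origin and path match; the query string
// is compared separately so appended affiliate-style parameters stand out.
const pageKey = (u) => u.origin + u.pathname;

function diffLinks(baseline, observed) {
  const base = new Map(baseline.map((h) => {
    const u = new URL(h);
    return [pageKey(u), u];
  }));
  const seen = new Set();
  const findings = [];
  for (const href of observed) {
    const u = new URL(href);
    const k = pageKey(u);
    const orig = base.get(k);
    if (!orig) {                       // link that the clean page never had
      findings.push({ kind: 'injected', href });
      continue;
    }
    seen.add(k);
    const added = [...new Set(u.searchParams.keys())]
      .filter((p) => !orig.searchParams.has(p));
    if (added.length > 0) findings.push({ kind: 'params-added', href, params: added });
  }
  for (const [k, orig] of base) {      // clean-page link that disappeared
    if (!seen.has(k)) findings.push({ kind: 'removed', href: orig.href });
  }
  return findings;
}

console.log(diffLinks(BASELINE, OBSERVED));
```

A `removed` finding paired with an `injected` one on the same page is the signature of a replaced link; `params-added` covers the case where only a referral code was appended.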

Sillam and Masas said they believed the AllBlock extension was part of a larger distribution campaign that most likely involved more malicious browser extensions.

Based on some indicators, like IP addresses and domain names, the Imperva team believed this was part of a malware distribution operation called PBot.

An AllBlock spokesperson did not return an email seeking comment on Imperva’s findings.

At the time of writing, Opera has removed the AllBlock extension from its site, while the Chrome extension is still available on the official Chrome Web Store.


The post Ad-blocker caught injecting ads in search results appeared first on The Record by Recorded Future.
