[TheRecord] Ad-blocker caught injecting ads in search results

Cyber-security firm Imperva said it discovered a malicious browser extension named AllBlock, available for both the Chrome and Opera browsers, that has been injecting ads and referral affiliate codes inside search results.

The discovery took place in August this year when Imperva researchers said they identified a domain that was hosting a malicious script that contained ad injection capabilities.

A subsequent investigation linked the script to infrastructure used by the AllBlock ad-blocker extension, Imperva researchers Johann Sillam and Ron Masas said in a report published yesterday.

According to their findings, the extension behaved as follows:

- Once users installed the extension, AllBlock would inject code into every new tab.
- The code would block legitimate ads, but it would also collect a list of URLs present on the page.
- The list would be sent to a remote server, which would reply with a list of links that needed to be replaced or injected into the page, usually inside search engine results.
- The links typically contained affiliate codes that allowed scammers to earn profits on new user registrations or product purchases.
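One way to spot the link replacement and injection described above is to compare the links a results page was served with against the links in the DOM after extensions have run. The following is an added example, not code from Imperva's report or the original article; the function name, the sample domains, the `aff_id`/`ref` parameters and the choice to match links by their visible text are all assumptions made for illustration.

```javascript
// Constructed sample data: links as served vs. as found in the DOM afterwards.
// Every domain and the aff_id/ref parameters are made up for illustration.
const SERVED_LINKS = [
  { text: 'Example Shop', href: 'https://shop.example.com/item/42' },
  { text: 'Example Travel', href: 'https://travel.example.org/deals?city=paris' },
  { text: 'Example News', href: 'https://news.example.net/story' },
];
const RENDERED_LINKS = [
  { text: 'Example Shop', href: 'https://shop.example.com/item/42?aff_id=1234' },
  { text: 'Example Travel', href: 'https://redirect.example.invalid/go?to=travel' },
  { text: 'Example News', href: 'https://news.example.net/story' },
  { text: 'Best Deals', href: 'https://promo.example.invalid/landing?ref=abcd' },
];

// Compare two link lists ({ text, href }) and report what changed.
// Assumption: a link's visible text identifies it across both snapshots.
function diffLinks(served, rendered) {
  const servedByText = new Map(served.map((l) => [l.text, new URL(l.href)]));
  const findings = [];
  for (const link of rendered) {
    const now = new URL(link.href);
    const before = servedByText.get(link.text);
    if (!before) {
      // Link was not in the served page at all
      findings.push({ type: 'injected', text: link.text, host: now.host });
    } else if (before.host !== now.host) {
      // Same result entry now points at a different host
      findings.push({ type: 'host-replaced', text: link.text, from: before.host, to: now.host });
    } else {
      // Same host, but new query parameters (e.g. a referral code) were appended
      const added = [...now.searchParams.keys()].filter((k) => !before.searchParams.has(k));
      if (added.length > 0) {
        findings.push({ type: 'params-added', text: link.text, params: added });
      }
    }
  }
  return findings;
}

console.log(diffLinks(SERVED_LINKS, RENDERED_LINKS));
```

In a browser, the rendered list can be collected with `document.querySelectorAll('a[href]')`, while the served list comes from the raw HTML fetched in a profile with no extensions installed.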

Sillam and Masas said they believed the AllBlock extension was part of a larger distribution campaign that most likely involved more malicious browser extensions.

Based on some indicators, like IP addresses and domain names, the Imperva team believed this was part of a malware distribution operation called PBot.

An AllBlock spokesperson did not return an email seeking comment on Imperva’s findings.

At the time of writing, Opera has removed the AllBlock extension from its site, while the Chrome extension is still available on the official Chrome Web Store.


The post Ad-blocker caught injecting ads in search results appeared first on The Record by Recorded Future.
