Ddos 
Most users will choose to install the ad blocking extension tool immediately after installing Google Chrome and Firefox browser to block ads on the webpage. However, if you directly search the Google Chrome online store for keywords such as ADBLOCK and other popular ad-blocking tools, you may be deceived. Currently, researchers have found 5 malicious adware interceptors in the browser store. The total number of download and installation of these interceptors has reached 20 million.
These ad blockers mainly evade Google’s review by modifying the script. These scripts are so common that auditors do not look closely. But in fact, these scripts have been modified and malicious code has been implanted. These malicious codes will upload the websites visited by users to the attacker’s server. In order to avoid all the remote control commands issued by the attacker being hidden in the picture, the picture itself is harmless but the malicious code can read the content. The malicious script finally loaded has the ability to allow an attacker to change the browser in any way. The attacker can also issue commands to perform remote operations at any time. Infected users form botnets for use by attackers, but no investigation has been conducted to confirm what the attackers did with botnets.
Being able to download 20 million times naturally cannot rely on simple camouflage. These malicious ad blockers mainly rely on popular keywords to induce users to actively install.
At the same time, users will find that they can actually block advertisements after installation because these malicious interceptors are modified based on ADBLOCK and the like.
Therefore, some of the popular Li ghost interceptors have thousands of or even tens of thousands of five-star praise, these five-star praise for later users more easily attracted and fooled.
- AdRemover for Google Chrome™ (10 million+ users)
- uBlock Plus (8 million+ users)
- [Fake] Adblock Pro (2 million+ users)
- HD for YouTube™ (400,000+ users)
- Webutation (30,000+ users)
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
