The team behind AdGuard, a real ad-block extension for browsers, reported in a blog post this week that two popular ad blocking extensions found on the Google Chrome Web Store are, in fact, completely fake, despite being used by millions of users.
The two extensions, called AdBlock by AdBlock Inc. and uBlock by Charlie Lee, also mislead users by mimicking names of two real ad blocking extensions, as well as the names of the developers behind those extensions. Users have reported these extensions as fake, but Google has seemingly yet to take action.
According to AdGuard, the real purpose of these fake ad blocking extensions is “cookie stuffing,” which is used as an ad fraud scheme. The creators of the fake extensions stuff them with affiliate cookies, so that when the users of the extensions visit a relevant e-commerce site (such as Amazon) and make a purchase, the creators of the fake extensions get paid the affiliate commission for that purchase.
The two extensions have 1.6 million active users and are stuffing cookies from 300 websites from Alexa Top 10000 most popular websites, AdGuard said, saying it studied the extensions' code. AdGuard believes that these malicious actors are making millions of dollars a month.
The good news is that now that the scheme has been publicized, there is a chance that the affiliate programs' owners can follow the money trail and expose these fake ad blocking extensions' creators were.
The AdGuard team said that it doesn’t believe Google’s proposed and highly controversial Manifest V3 change, which is supposed to increase user security and privacy, will solve this issue of fake ad blocking extensions. In fact, the AdGuard team agrees with the Electronic Frontier Foundation’s proposal that Google should instead just review its extension store better.
How do you protect yourself until that happens? AdGuard recommends these options to start:
- If you're going to install a browser extension, think again. Maybe you don't really need it?
- Don't believe what you read in the extension's description. Be aware that there's almost no review process, and this can easily be a fake.
- Reading the users' reviews won't help as well. These two extensions had excellent reviews and yet they were malicious.
- Don't use the WebStore internal search, install extensions from the trusted developers' websites directly.
What these suggestions are really telling us is that AdGuard believes that the Chrome Web Store is like The Wild, Wild West, where almost anything goes, except for the minimum limitations put in place by the Chrome browser’s API support. Much like in the time before “app stores” and “extension stores” existed, you are ultimately on your own when you install something from the web and you should verify that the developer is trustworthy before allowing their code to run on your computer.