Extensions Masquerading as AdBlock and uBlocker Outed as 'Fake'

By Lucian Armasu
published

The team behind AdGuard, a real ad-block extension for browsers, reported in a blog post this week that two popular ad blocking extensions found on the Google Chrome Web Store are, in fact, completely fake, despite being used by millions of users.

The two extensions, called AdBlock by AdBlock Inc. and uBlock by Charlie Lee, also mislead users by mimicking names of two real ad blocking extensions, as well as the names of the developers behind those extensions. Users have reported these extensions as fake, but Google has seemingly yet to take action.

According to AdGuard, the real purpose of these fake ad blocking extensions is “cookie stuffing,” which is used as an ad fraud scheme. The creators of the fake extensions stuff them with affiliate cookies, so that when the users of the extensions visit a relevant e-commerce site (such as Amazon) and make a purchase, the creators of the fake extensions get paid the affiliate commission for that purchase. 

The two extensions have 1.6 million active users and are stuffing cookies from 300 websites from Alexa Top 10000 most popular websites, AdGuard said, saying it studied the extensions' code. AdGuard believes that these malicious actors are making millions of dollars a month. 

The good news is that now that the scheme has been publicized, there is a chance that the affiliate programs' owners can follow the money trail and expose these fake ad blocking extensions' creators were.

The AdGuard team said that it doesn’t believe Google’s proposed and highly controversial Manifest V3 change, which is supposed to increase user security and privacy, will solve this issue of fake ad blocking extensions. In fact, the AdGuard team agrees with the Electronic Frontier Foundation’s proposal that Google should instead just review its extension store better.

How do you protect yourself until that happens? AdGuard recommends these options to start:

  1. If you're going to install a browser extension, think again. Maybe you don't really need it?
  2. Don't believe what you read in the extension's description. Be aware that there's almost no review process, and this can easily be a fake.
  3. Reading the users' reviews won't help as well. These two extensions had excellent reviews and yet they were malicious.
  4. Don't use the WebStore internal search, install extensions from the trusted developers' websites directly.

What these suggestions are really telling us is that AdGuard believes that the Chrome Web Store is like The Wild, Wild West, where almost anything goes, except for the minimum limitations put in place by the Chrome browser’s API support. Much like in the time before “app stores” and “extension stores” existed, you are ultimately on your own when you install something from the web and you should verify that the developer is trustworthy before allowing their code to run on your computer.

Lucian Armasu
Lucian Armasu
Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.
12 Comments Comment from the forums
  • Remeca
    Tad click baity article. Adblock and ublocker aren't fake, there's malicious extensions that are fake versions of them.
    Reply
  • StewartHH
    Remeca said:
    Tad click baity article. Adblock and ublocker aren't fake, there's malicious extensions that are fake versions of them.

    That like other malicious stuff on the net - good example is the fake windows errors that popup asking you to call Microsoft and not kill you internet connection. They do that because they think you are stupid and that was you should - clean you browser data and then turn it back on


    A good give away is the source of this article - it from another Ad Blocker itself

    https://adguard.com/en/welcome.html
    The utiimate solution one day is for OS to run the browser in isolated Virtual Machine. There for on restart it complete new state. Copying download items from virtual machine is more in control from user and can go scanning software.
    Reply
  • Giroro
    One would think that, if this were true, the makers of the real Adblock and uBlock Origin would have said something about this a long time ago.
    Although, as far as I know, the "real" adblock still sells ad space to let companies like Facebook bypass the filter. So, real is relative.
    Reply
  • hotaru251
    good thing my version of UBO isnt by charlie?


    but imho they get nothing off me as i dont use my PC to purchase stuff at all :D
    Reply
  • Crunshiiiiiii
    If its fake, how come I am getting a adblocker pop-up from this same article own site?
    Reply
  • adblocksupport
    Hi there! I'm from AdBlock - the real one (getadblock.com) - and I wanted to point out that your headline is extremely misleading. AdBlock itself isn't fake, the issue is that many ad blockers out there are maliciously presenting themselves as AdBlock. You also chose to use an image of our Samsung ad blocker, which is also not fake (and has nothing to do with this particular story). We're huge fans of the work AdGuard is doing to expose fake ad blockers, but we don't appreciate you adding us to the list. We'd ask that you choose a new image and consider editing your headline to avoid confusion.

    Thank you!
    Reply
  • adblocksupport
    Giroro said:
    One would think that, if this were true, the makers of the real Adblock and uBlock Origin would have said something about this a long time ago.
    Although, as far as I know, the "real" adblock still sells ad space to let companies like Facebook bypass the filter. So, real is relative.

    To comment on this, we've (AdBlock - the real one) been fighting these fake ad blockers with our attorneys for years; we've actually spent a lot of time and money doing so. We haven't done an expose because we just haven't had the resources, but we're thankful for AdGuard for doing this extremely important work. These malicious extensions are a huge problem.

    (And just to clarify, we don't sell ad space to anyone. If you're referring to our Acceptable Ads filter list, users are welcome to opt in or out of that as they please.)
    Reply
  • TJ Hooker
    Giroro said:
    One would think that, if this were true, the makers of the real Adblock and uBlock Origin would have said something about this a long time ago.
    Although, as far as I know, the "real" adblock still sells ad space to let companies like Facebook bypass the filter. So, real is relative.
    I believe the "real" uBlock does too, as it was purchased by AdBlock. "uBlock Origin" is different than "uBlock".
    Reply
  • adblocksupport
    adblocksupport said:
    Hi there! I'm from AdBlock - the real one (getadblock.com) - and I wanted to point out that your headline is extremely misleading. AdBlock itself isn't fake, the issue is that many ad blockers out there are maliciously presenting themselves as AdBlock. You also chose to use an image of our Samsung ad blocker, which is also not fake (and has nothing to do with this particular story). We're huge fans of the work AdGuard is doing to expose fake ad blockers, but we don't appreciate you adding us to the list. We'd ask that you choose a new image and consider editing your headline to avoid confusion.

    Thank you!


    Thanks to the Tom's Hardware team for updating the headline and removing the AdBlock photo. We appreciate your quick response to our concerns!
    Reply
  • Remeca
    Tomshardware.com said:
    Extensions Masquerading as AdBlock and uBlocker Outed as 'Fake'


    Agreed, that seems much more informative and factual.
    Reply