- AdGuard company, which provides various ad-blocking and privacy-enhancing products, has revealed, following an investigation, that more than 80 million Chrome Web Store users have become victims of fake ad-blocking add-ons.
- This case is part of a broader and more complex issue: Online stores that allow their users to offer unsupervised applications and plugins are a fertile ground for malicious activity and fraud.
- The malicious plugins found in AdGuard's investigation are divided into three types: plugins that use steganography to inject advertisements into Google and Bing's search results, plugins that perform Cookie Stuffing (injecting cookies into the browser in order to grant the user with payment on certain sites), and spam plugins (impersonating to legitimate and popular additives) that do not perform malicious activity in the first step but may change their mode of action in the future.
- The attached document presents the findings of the AdGuard investigation and its recommendations for avoiding malicious plugins.
Below is a summary of ADGUARD's recommendations
- Download supplements only if they are necessary.
- Only install plugins from trusted developers whom are familiar with
- Doubt what was said in the description of the plugin.
- Do not rely on the reviews written on the plugin. Most malicious plugins have excellent reviews.
Inside the document is an identifiers appendix that includes the names of the 295 malicious extensions found in the investigation. It is advisable to make sure that you do not use any of them.Read the attached document