Google removed two extensions from the Chrome Web Store. The fully functional ad blockers were caught trying do deceive users by using names of other well-known ad blocker extensions.
“AdBlock” by “AdBlock, Inc” and “uBlock” by “Charlie Lee” were also caught performing cookie stuffing – a method to hijack traffic from its legitimate source. The extentions were modifying cookie files and adding a parameter so that the authors of the extentions would earn a commission from the payments ursers made on the websites.
According to ZDNet, the extensions would activate on Teamviewer, Microsoft, LinkedIn, AliExpress and many other huge websites.
Andrey Meshkov, the co-founder of AdGuard and the one who discovered the fraud, mentioned that after 55 hours after installation, the malicious behaviour would start and would end if the user opened Chrome’s Developer Tools
AdBlock and uBlock were both based on the code of the original AdBlock extention and were used
Both extensions, that had together more than 1.5 millions installs, were based on the code of the original “AdBlock”. They were removed by Google after more news websites mentioned Mesjkov’s research.