Over 20 Million Installed Malicious Ad Blockers From Chrome Store

There are many Adblocker extension in Chrome Store browser, and some of them can be used to hack your device.
Researchers have spotted five malicious ad blockers extension in the Google Chrome Store that had already been installed by at least 20 million users.
Malicious browser extensions are nothing new, they’ve been around for years and often have access to everything you do online. Chrome extensions also allow its creators to steal any information victims enter into any website they visit, including passwords, web browsing history and credit card details.

These five malicious extensions are copycat versions of legitimate, well-known Ad Blockers.
Devices owned by individuals or companies can be rapidly and safely secured by installing an antivirus for Windows or antivirus for Mac depending on which version of OS your device runs. As for the companies, please remember that professional cybersecurity firms are offering good cybersecurity packages that can be used to test your company’s network integrity by running various tests like penetration test and ethical hacking tests.

Creators of these extensions also used popular keywords in their names and descriptions to rank top in the search results, increasing the possibility of getting more users to download them.

After it was reported to Google, the tech giant immediately removed all of the following ad blockers extension from its Chrome Store:
• AdRemover for Google Chrome™ (10 million+ users)
• uBlock Plus (8 million+ users)
• [Fake] Adblock Pro (2 million+ users)
• HD for YouTube™ (400,000+ users)
• Webutation (30,000+ users)

Researchers have done a malware analysis on ‘AdRemover’ extension for Chrome and found out that malicious code is hidden inside it. The malicious code is a modified version of jQuery which sends information about some websites a user visits back to a remote server.
The malicious extension then receives commands from the remote server, which are executed in the extension ‘background page’ and can change your browser’s behavior in any way.
To avoid detection, these commands send by the remote server are hidden inside a simple image.

These commands are scripts which are executed in the privileged context.
Every browser extension has the permission to access all the web pages you visit. Practically it can do anything.
To stay protected, we strongly advise users to do the following:
• Install of antivirus for Windows or antivirus for Mac, depending on which version of OS your devices run
• Install as few extensions as possible and only from companies you trust.
• If you are a company, check your network integrity by running various tests like penetration test and ethical hacking tests at least once a year.