According to new research from cybersecurity firm Imperva, a deceptive ad injection campaign has been discovered that uses an ad blocker extension for the Google Chrome and Opera browsers to surreptitiously inject advertisements and affiliate codes into websites.
The discovery came after the researchers found rogue websites distributing an ad injection script in late August 2021, which they linked to an add-on named AllBlock. The extension has since been removed from the Chrome Web Store and the Opera add-ons marketplace.
Although AllBlock does legitimately block advertisements, it also injects JavaScript code into each new window opened in the browser. The code identifies all links on a web page, especially on search engine results pages, and sends them to a remote server, which responds with a list of sites to substitute for the genuine links. As a result, the victim is diverted to a different page upon clicking a link.
"When the user clicks on any modified links on the webpage, he will be redirected to an affiliate link," Imperva researchers Johann Sillam and Ron Masas said. "Via this affiliate fraud, the attacker earns money when specific actions like registration or sale of the product take place."
AllBlock also uses several anti-detection measures, such as clearing the debug console every 100 ms and excluding major search engines. According to Imperva, the AllBlock extension is likely part of a wider distribution effort that may have used additional browser extensions and delivery mechanisms, with links to a prior PBot campaign based on domain name and IP address overlaps.
"Ad injection is an evolving threat that can impact almost any site. Attackers will use anything from browser extensions to malware and adware installed on visitors' devices, making most site owners ill-equipped to handle such attacks," Sillam and Masas said.
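From the site owner's side, the link replacement described above can be detected by comparing a snapshot of the page's links with their current state. The following is an added example, not code from the article or from Imperva; the function names, hosts and sample link data are all constructed.

```javascript
// Added example (not from the article or Imperva): flag links whose
// destination host changed after the page was first rendered.
// All names, hosts and sample data are constructed for illustration.

// Resolve an href against the page URL and return its lowercase hostname,
// or null if it cannot be parsed.
function hostOf(href, base) {
  try {
    return new URL(href, base).hostname.toLowerCase();
  } catch {
    return null;
  }
}

// baseline/current: arrays of { id, href } snapshots of the page's anchors.
// In a browser these could come from document.links at load and later on.
// allowedHosts: hosts this site legitimately links to.
function findRewrittenLinks(baseline, current, allowedHosts, base) {
  const allowed = new Set(allowedHosts.map((h) => h.toLowerCase()));
  const original = new Map(baseline.map((l) => [l.id, l.href]));
  const findings = [];
  for (const { id, href } of current) {
    const after = hostOf(href, base);
    if (allowed.has(after)) continue; // still points somewhere expected
    if (!original.has(id)) {
      findings.push({ id, kind: "injected", before: null, after: href });
    } else if (hostOf(original.get(id), base) !== after) {
      findings.push({ id, kind: "rewritten", before: original.get(id), after: href });
    }
  }
  return findings;
}

// Constructed sample: a2 is swapped for a redirect link, a4 is newly inserted.
const PAGE = "https://shop.example/catalog";
const ALLOWED = ["shop.example", "cdn.shop.example", "partner.example"];
const BASELINE = [
  { id: "a1", href: "/products/1" },
  { id: "a2", href: "https://partner.example/deal" },
  { id: "a3", href: "https://shop.example/help" },
];
const CURRENT = [
  { id: "a1", href: "/products/1" },
  { id: "a2", href: "https://redirect.invalid/go?aff=0000&u=partner.example" },
  { id: "a3", href: "https://cdn.shop.example/help" },
  { id: "a4", href: "https://ads.invalid/banner" },
];

console.log(findRewrittenLinks(BASELINE, CURRENT, ALLOWED, PAGE));
```

In a browser, the baseline would be taken from the server-rendered HTML and the check re-run on a timer or from a MutationObserver, with findings reported to the site's own monitoring endpoint.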
This case is yet another reminder to choose browser extensions carefully and to install only those that are required.
In this case, AllBlock received positive user feedback because its ad-blocking functionality was implemented correctly. Nevertheless, it raises the risk of deception and misleads users.