

Even though most of the ad streams fed to those users who had installed any of these Chrome web browser extensions were from "genuine" advertisers, the researchers said that what differentiated them as being malvertising ad fraud was "the large volume of ad content shown, the fact that the user does not see many if not the majority of these ads, and the fact that malicious third-party actors are actively using these streams to redirect the user to malware and phishing."

Do NOT reactivate any of these extensions; here’s where you can find the full list

As well as removing the malicious extensions from the Chrome Web Store, Google also automatically deactivated instances within the user's browser.

This involved providing different locations to which private user browsing data should be uploaded and lists of advertisements to be fed to the browser.

According to the report, authored jointly by Jamila Kaya and Duo Security information security engineer Jacob Rickerd, this primary malicious behavior resulted in users regularly getting fed new redirector domains leading to both "benign" and illegitimate advertising streams.

The scam methodology involved redirecting the browser to a whole bunch of domains, and then on to one of a number of malicious control servers to direct the fraud itself.

They initially discovered that 70 Chrome web browser extensions, which had been installed by at least 1.7 million users, were obfuscating malicious advertising functionality from those unknowing users.


Digging into Chrome web browser extension fraud

The fraud campaign was unearthed in a joint operation between Cisco's Duo Security team and an independent security researcher, Jamila Kaya.
