Millions of Chrome Users Have Installed Malware Posing as Ad Blockers

As if trying to navigate your online privacy wasn’t complicated enough, it turns out the adblocker you installed on your browser may actually be malware.

Andrey Meshkov, the cofounder of ad-blocker AdGuard, recently got curious about the number of knock-off ad blocking extensions available for Google’s popular browser Chrome. These extensions were deliberately styled to look like legitimate, well-known ad blockers, but Meshkov wondered why they existed at all, so he downloaded one and took a look at the code.

Meshkov discovered that the AdRemover extension for Chrome—which had over 10 million users—had code hidden inside an image that was loaded from the remote command server, giving the extension creator the ability to change its functions without updating. This alone is against Google’s policy, and after Meshkov wrote about a few examples on AdGuard’s blog, many of which had millions of downloads, Chrome removed the extensions from the store. I reached out to Google, and a spokesperson confirmed that these extensions had been removed.

Though Meshkov didn’t immediately see what the extension was collecting data for, he said having this link to a remote server is dangerous because it could change your browser behavior in many ways. Meshkov said it could alter the appearance of pages, scrape information from the user, or load additional extensions that a user hasn’t installed.

So what should you do when all the sketchy extensions look just like the real deal? Meshkov recommended looking up the developer website for the extension you want, and they’ll have a link to the store where you can install it. And just be careful about what you install on your browser.