The campaign was targeting users of some of the largest websites, stealing clicks and advertising revenue.
Imperva Research Labs has discovered a new ad fraud campaign using a free ad blocker extension available on both Chrome and Opera browsers called AllBlock.
The campaign was targeting users of some of the largest websites, stealing clicks and advertising revenue.
According to the security company, cyber criminals often advertise ‘free’ apps/plugins that look legitimate as a way to get consumers to download software on their machine. AllBlock is advertised as an ad blocker extension available on both Chrome and Opera browsers.
Imperva Research Labs believes it has not found the origin of the attack, and that there is a larger campaign taking place that may utilise different delivery methods and more extensions.
Such ad injection campaigns steal advertising revenue from publishers and websites. They also create a terrible experience for the user — displaying annoying ads and degrading site performance — which can result in customer loss.
“Once downloaded, AllBlock uses its elevated installation privileges at the browser level to inject Javascript into the user’s application experience,” said Reinhart Hansen, Imperva Chief Technology Officer for Asia Pacific and Japan. “This directs the consumer’s browser to load specific ad content pop-ups and side-bar ads where the hacker is paid per click. It’s a very underhanded and cunning way for the hacker to secure advertising revenue because the user is forced to click on the ad to make it disappear from their screen.”
For more details, you can read this technical blog post.
How brands can protect themselves
Imperva said this particular ad injection campaign is hard to detect because the developer has included code to monitor when debugging tools are being used and hides its activity. The only way a brand can protect their users is to use client-side protection that prevents unauthorised JavaScript from being able to execute.