A study conducted in partnership between the search giant Google and the University of California, Berkeley reveals that one in 20 PCs accessing a Google-owned website is running potentially risky ad-injecting software. The discovery translates to more than a third of Chrome extensions being injected with ads, affecting 14 million users.
These extensions are considered malware. Google received more than 100,000 complaints about them from Chrome users in the past few months. The complaints relate that the extensions can cause network errors, performance problems and other issues.
This has led Google to purge 192 bad extensions from its online catalog of browser add-ons, according to a Google blog post on March 31st, 2015.
Extensions for the Good and the Bad
A web browser's extensions are small software programs that can modify and enhance the functionality of the web browser. Created using web technologies such as HTML, JavaScript and CSS, these small programs can do pretty much anything the user wants to enhance the browser's usability and improve the browsing experience.
On Google Chrome, extensions have little to no interface. Most just have icons to represent them, allowing users to interact with their features.
Since extensions can have many capabilities, many have hidden extra features that may cause trouble for the users who installed them. Preliminary results revealed that 5 percent of people accessing Google every day have been caught out by at least one malicious extension. Of these victims, about a third have four or more bad extensions installed.
"It is a very hard problem to deal with," said Alexandros Kapravelos, a UC Santa Barbara computer scientist who worked with Google on the rogue extensions project.
Some bad extensions were easy to spot, he said, because they were so obvious. However, many used techniques seen in legitimate extensions, and it took a lot of extra analysis to pin down the bad ones.
"Even when we have a complete understanding of what the extension is doing, sometimes it is not clear if that behavior is malicious or not," he said. "You would expect that an extension that injects or replaces advertisements is malicious, but then you have AdBlock that creates an ad-free browsing experience and is technically very similar."
Ad Injector Extensions: Bad for Everyone
In Google Chrome, any extension hosted in the Chrome Web Store must comply with the Developer Program Policies. These require that extensions have a narrow and easy-to-understand purpose. Ad injectors violate Google's policy, and the company is bringing them down.
These ad injectors may sneak in in a way that most people won't recognize. They gather data to force ads to show in the web browser. These programs are deceptive, difficult to remove and secretly tied to other downloads. And because they can come with bundles of downloads, they can cause further harm to users.
For advertisers and publishers, they waste money and spoil people's browsing experience.
"Ad injection undermines the integrity of user interactions and surreptitiously inserts control separate from either of the communicating parties," said UC Berkeley EECS Professor Vern Paxson in a statement about the research.
Many advertisers and publishers aren't aware of their existence. They have no information about where their ads are running, which leaves them unable to get compensated because their visitors are being put at risk of spam and other malware.
The study further discovered widespread use of ad injectors across multiple browsers, on both Windows and OS X computers.
This crackdown comes less than two months after Lenovo sold computers that came pre-installed with adware from a company called Superfish. Not only did this software inject ads, it also hijacked encrypted web sessions and made users vulnerable to attacks that could put even users relying on HTTPS protections at risk.