Welcome to DU!
The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards.
Join the community:
Create a free account
Support DU (and get rid of ads!):
Become a Star Member
Latest Breaking News
General Discussion
The DU Lounge
All Forums
Issue Forums
Culture Forums
Alliance Forums
Region Forums
Support Forums
Help & Search
don't use adblocker called ALLBLOCK according to this article from Malwarebytes blog.
Researchers at Imperva uncovered a new ad injection campaign based on an adblocker named AllBlock. The AllBlock extension was available at the time of writing for Chrome and Opera in the respective web stores.
While disguising your adware as an adblocker may seem counterintuitive, it is actually a smart thing to do. But let’s have a look at what they did and how, first.
What Imperva found is that the extension replaces all the URLs on the site a user is visiting with URLs that lead to an affiliate. This ad injection technique means that when the user clicks on any of the modified links on the webpage, they will be redirected to an affiliate link. Via this affiliate fraud, the attacker earns money when specific actions like registration or sale of the product take place.
...
To pull this off, malicious browser extensions, malware, and stored cross-site scripting (XSS) are the most commonly found techniques.
In this case it was a malicious extension that used some interesting methods.
To make the extension look legitimate, the developers actually implemented ad blocking functionality. Further, the code was not obfuscated and nothing immediately screams malware.
All the URLs that are present in a visited website are sent to a remote server. This server replies with a set of URLs to replace them with. The reading and replacing of the URLs is done by the extension which was given permissions to do so.
While disguising your adware as an adblocker may seem counterintuitive, it is actually a smart thing to do. But let’s have a look at what they did and how, first.
What Imperva found is that the extension replaces all the URLs on the site a user is visiting with URLs that lead to an affiliate. This ad injection technique means that when the user clicks on any of the modified links on the webpage, they will be redirected to an affiliate link. Via this affiliate fraud, the attacker earns money when specific actions like registration or sale of the product take place.
...
To pull this off, malicious browser extensions, malware, and stored cross-site scripting (XSS) are the most commonly found techniques.
In this case it was a malicious extension that used some interesting methods.
To make the extension look legitimate, the developers actually implemented ad blocking functionality. Further, the code was not obfuscated and nothing immediately screams malware.
All the URLs that are present in a visited website are sent to a remote server. This server replies with a set of URLs to replace them with. The reading and replacing of the URLs is done by the extension which was given permissions to do so.
https://blog.malwarebytes.com/web-threats/2021/10/adblocker-promises-to-blocks-ads-injects-them-instead/?utm_source=sfmc&utm_medium=email&utm_campaign=b2c_tri_oth_b2c_newsletter_nov2021_issue1_163586784582&utm_content=adblocker-promises-to-blocks-ads-injects-them-instead
1 replies
= new reply since forum marked as read
= new reply since forum marked as read
