Google recently removed an app from its Chrome Web Store that looked like Adblock Plus, but the 37,000 people who downloaded it should be on the lookout for a possible data breach.

An anonymous researcher who goes by the name SwiftOnSecurity was among the first to draw attention to the phony extension in a tweet. Though it’s unclear whether the developer behind it was out to cause a data breach, its tactics resemble those of a typical cybercriminal.

Fake Adblock Plus App Puts Users at Risk of Malvertising

According to a blog post from the genuine Adblock Plus, the phony version, which used the exact same name (other than a capital B in AdBlock), was marketed as an app in the Chrome Store as opposed to an extension. There were even reviews of the fake product, TechRadar reported.

According to Engadget, users who downloaded the phony product reported that it has done the opposite of what a real ad blocker is supposed to do: It took over their browsers and opened more ads in multiple tabs. This may not be as bad as causing a data breach, but fraudsters have been known to inject code into online advertisements in a process called malvertising, so users should be wary.

Dangerous Data Breach Potential

As Android Authority pointed out, Adblock Plus has attracted millions of users over the last several years and is arguably one of the most recognized names in the ad blocker category. Google acted quickly to remove the phony version but has yet to explain how its verification procedures failed to recognize it. If something like this can get through, what about a fake app aimed at causing a data breach?

Upon closer inspection, experts noticed that the phony Adblock Plus extension ID used Cyrillic characters. Bleeping Computer suggested that this may have allowed the automated systems in the Chrome Web Store to give the fake extension the green light.

Still, this is at least the second time a bogus version Adblock Plus has gotten into Google’s repository, so additional measures to beef up security may be required. People dislike online ads, but they would dislike a data breach even more.

More from

When the Absence of Noise Becomes Signal: Defensive Considerations for Lazarus FudModule

In February 2023, X-Force posted a blog entitled “Direct Kernel Object Manipulation (DKOM) Attacks on ETW Providers” that details the capabilities of a sample attributed to the Lazarus group leveraged to impair visibility of the malware’s operations. This blog will not rehash analysis of the Lazarus malware sample or Event Tracing for Windows (ETW) as that has been previously covered in the X-Force blog post. This blog will focus on highlighting the opportunities for detection of the FudModule within the…

LastPass Breaches Cast Doubt on Password Manager Safety

In 2022, LastPass suffered a string of security breaches which sparked concern among cyber professionals and those impacted by the intrusions. Some called into question the way LastPass handled and responded to the incident. In addition, the situation ignited a wider conversation about the risks linked to utilizing password managers.A password manager helps users generate strong passwords and safeguards them within a digital locker. A master password secures all data, which enables users to conveniently access all their passwords for…

The Role of Finance Departments in Cybersecurity

Consumers are becoming more aware of the data companies collect about them, and place high importance on data security and privacy. Though consumers aren’t aware of every data breach, they are justifiably concerned about what happens to the data companies collect. A recent study of consumer views on data privacy and security revealed consumers are more careful about sharing data. The majority of respondents (87%) say they wouldn’t do business with companies that appear to have weak security. Study participants also…

The One Place IT Budget Cuts Can’t Touch: Cybersecurity

If IT spending is slowing, will business leaders follow a similar approach for cybersecurity budgets? Probably not. Gartner predicts that end-user spending on both security technology and services will see an annual growth rate of 11% over the next four years. And the market is anticipated to reach $267.3 billion in 2026. Many security professionals agree that security spending cuts aren’t likely. Given the current threat landscape, strong security has quickly become a business imperative. Security has become the highest…